Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-09 | CVE-2016-6829 | Use of Hard-coded Credentials vulnerability in multiple products The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | 9.8 |
| 2016-11-30 | CVE-2016-2948 | Use of Hard-coded Credentials vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | 7.8 |
| 2016-10-05 | CVE-2016-7560 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 9.8 |
| 2016-09-24 | CVE-2016-6532 | Use of Hard-coded Credentials vulnerability in Dexis Imaging Suite 10.0 DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | 9.8 |
| 2016-09-21 | CVE-2016-6530 | Use of Hard-coded Credentials vulnerability in Dentsply Sirona CDR Dicom 5.0 Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | 9.8 |
| 2016-09-19 | CVE-2016-6535 | Use of Hard-coded Credentials vulnerability in Aver Eh6108H+ Firmware X9.03.24.00.07L AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | 9.8 |
| 2016-08-31 | CVE-2016-5678 | Use of Hard-coded Credentials vulnerability in Nuuo Nvrmini 2 and Nvrsolo NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 9.8 |
| 2016-08-31 | CVE-2016-5333 | Use of Hard-coded Credentials vulnerability in VMWare Photon OS 1.0 VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | 9.8 |
| 2016-08-24 | CVE-2016-5081 | Use of Hard-coded Credentials vulnerability in Zmodo Zp-Ibh-13W and Zp-Ne-14-S ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | 9.8 |
| 2016-06-09 | CVE-2016-2310 | Use of Hard-coded Credentials vulnerability in GE Multilink Firmware 5.4.1/5.5.0 General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | 9.8 |