Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-5667 | Use of Hard-coded Credentials vulnerability in Wantedlyinc Studyplus 6.3.7/8.29.0 Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. | 5.5 |
| 2020-11-04 | CVE-2020-27689 | Use of Hard-coded Credentials vulnerability in Imomobile Verve Connect Vh510 Firmware The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. | 9.8 |
| 2020-10-29 | CVE-2020-11615 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11487 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. | 7.5 |
| 2020-10-29 | CVE-2020-11483 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure. | 9.8 |
| 2020-10-28 | CVE-2020-16258 | Use of Hard-coded Credentials vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | 7.1 |
| 2020-10-27 | CVE-2020-11854 | Use of Hard-coded Credentials vulnerability in Microfocus products Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. | 9.8 |
| 2020-10-27 | CVE-2020-27181 | Use of Hard-coded Credentials vulnerability in Konzept-Ix Publixone A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | 6.5 |
| 2020-10-26 | CVE-2020-26879 | Use of Hard-coded Credentials vulnerability in Commscope Ruckus Vriot 1.5.1.0.21 Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. | 9.8 |
| 2020-10-06 | CVE-2020-24218 | Use of Hard-coded Credentials vulnerability in Szuray products An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. | 9.8 |