Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-2500 Use of Hard-coded Credentials vulnerability in Qnap Helpdesk
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service.
network
low complexity
qnap CWE-798
6.5
6.5
2020-06-30 CVE-2020-14474 Use of Hard-coded Credentials vulnerability in Cellebrite Ufed Firmware 5.0/7.5.0.845
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique.
network
low complexity
cellebrite CWE-798
7.5
7.5
2020-06-29 CVE-2018-6446 Use of Hard-coded Credentials vulnerability in Broadcom Brocade Network Advisor
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
network
low complexity
broadcom CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15324 Use of Hard-coded Credentials vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15323 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15322 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15321 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15320 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15319 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
network
high complexity
zyxel CWE-798
5.9
5.9
2020-06-29 CVE-2020-15318 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
network
high complexity
zyxel CWE-798
5.9
5.9