Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-16258 | Use of Hard-coded Credentials vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | 7.1 |
| 2020-10-27 | CVE-2020-11854 | Use of Hard-coded Credentials vulnerability in Microfocus products Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. | 9.8 |
| 2020-10-27 | CVE-2020-27181 | Use of Hard-coded Credentials vulnerability in Konzept-Ix Publixone A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | 6.5 |
| 2020-10-26 | CVE-2020-26879 | Use of Hard-coded Credentials vulnerability in Commscope Ruckus Vriot 1.5.1.0.21 Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. | 9.8 |
| 2020-10-15 | CVE-2020-12501 | Use of Hard-coded Credentials vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | 9.8 |
| 2020-10-06 | CVE-2020-24218 | Use of Hard-coded Credentials vulnerability in Szuray products An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. | 9.8 |
| 2020-10-06 | CVE-2020-24215 | Use of Hard-coded Credentials vulnerability in multiple products An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. | 9.8 |
| 2020-10-01 | CVE-2020-24620 | Use of Hard-coded Credentials vulnerability in Unisys Stealth Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. | 7.8 |
| 2020-09-30 | CVE-2019-17098 | Use of Hard-coded Credentials vulnerability in August Home and Connect Wi-Fi Bridge Firmware Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. | 6.5 |
| 2020-09-25 | CVE-2020-25749 | Use of Hard-coded Credentials vulnerability in Rubetek products The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. | 9.8 |