Vulnerabilities > Use of Hard-coded Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-12 | CVE-2019-13530 | Use of Hard-coded Credentials vulnerability in Philips products: Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). | 7.2 |
2019-09-12 | CVE-2019-11898 | Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7: Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. | 9.9 |
2019-09-11 | CVE-2019-13473 | Use of Hard-coded Credentials vulnerability in multiple products: TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. | 9.8 |
2019-09-03 | CVE-2019-15867 | Use of Hard-coded Credentials vulnerability in Omaksolutions Slick-Popup: The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. | 8.8 |
2019-08-29 | CVE-2019-15745 | Use of Hard-coded Credentials vulnerability in Equeshome ELF Smart Plug Firmware: The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. | 8.8 |
2019-08-29 | CVE-2019-14943 | Use of Hard-coded Credentials vulnerability in Gitlab: An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. | 9.8 |
2019-08-26 | CVE-2019-15497 | Use of Hard-coded Credentials vulnerability in multiple products: Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. | 9.8 |
2019-08-23 | CVE-2019-6698 | Use of Hard-coded Credentials vulnerability in Fortinet Fortirecorder Firmware: Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device. | 9.8 |
2019-08-22 | CVE-2016-10928 | Use of Hard-coded Credentials vulnerability in Onelogin Saml SSO: The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. | 7.5 |
2019-08-21 | CVE-2019-1935 | Use of Hard-coded Credentials vulnerability in Cisco products: A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. | 9.8 |