Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-20 | CVE-2019-7594 | Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP). | 9.1 |
| 2019-08-20 | CVE-2019-7593 | Use of Hard-coded Credentials vulnerability in Johnsoncontrols Metasys System Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). | 9.1 |
| 2019-08-08 | CVE-2018-20955 | Use of Hard-coded Credentials vulnerability in Swann Swwhd-Intcam-Hd Firmware Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. | 9.8 |
| 2019-07-31 | CVE-2019-12797 | Use of Hard-coded Credentials vulnerability in Elmelectronics Elm27 Firmware A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | 9.8 |
| 2019-07-22 | CVE-2019-12327 | Use of Hard-coded Credentials vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156 Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. | 9.8 |
| 2019-07-20 | CVE-2019-9229 | Use of Hard-coded Credentials vulnerability in Audiocodes products An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. | 8.8 |
| 2019-07-17 | CVE-2019-1919 | Use of Hard-coded Credentials vulnerability in Cisco Findit Network Manager and Findit Network Probe A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. | 7.8 |
| 2019-07-09 | CVE-2019-3950 | Use of Hard-coded Credentials vulnerability in Arlo products Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. | 9.8 |
| 2019-07-08 | CVE-2019-13399 | Use of Hard-coded Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | 5.9 |
| 2019-07-05 | CVE-2019-13352 | Use of Hard-coded Credentials vulnerability in Wolfvision Cynap WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. | 9.8 |