Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-06 | CVE-2019-15977 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 7.5 |
| 2020-01-06 | CVE-2019-15976 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
| 2020-01-06 | CVE-2019-15975 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
| 2020-01-02 | CVE-2013-3619 | Use of Hard-coded Credentials vulnerability in multiple products Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 8.1 |
| 2019-12-16 | CVE-2019-18831 | Use of Hard-coded Credentials vulnerability in Barco products Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. | 5.3 |
| 2019-12-13 | CVE-2019-16734 | Use of Hard-coded Credentials vulnerability in multiple products Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |
| 2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
| 2019-12-12 | CVE-2019-10694 | Use of Hard-coded Credentials vulnerability in Puppet Enterprise The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. | 9.8 |
| 2019-12-11 | CVE-2019-3983 | Use of Hard-coded Credentials vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | 6.8 |
| 2019-12-11 | CVE-2013-3542 | Use of Hard-coded Credentials vulnerability in Grandstream products Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. | 10.0 |