Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-21 | CVE-2018-18009 | Use of Hard-coded Credentials vulnerability in Dlink Dir-140L Firmware and Dir-640L Firmware dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-21 | CVE-2018-18008 | Use of Hard-coded Credentials vulnerability in Dlink products spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-21 | CVE-2018-18007 | Use of Hard-coded Credentials vulnerability in Dlink Dsl-2770L Firmware Me1.01/Me1.02/Me1.06 atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | 9.8 |
| 2018-12-20 | CVE-2018-15720 | Use of Hard-coded Credentials vulnerability in Logitech Harmony HUB Firmware Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | 9.8 |
| 2018-12-20 | CVE-2018-19233 | Use of Hard-coded Credentials vulnerability in Comparex Miss Marple COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. | 7.8 |
| 2018-12-14 | CVE-2018-18006 | Use of Hard-coded Credentials vulnerability in Ricoh Myprint 2.2.7/2.9.2.4 Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. | 9.8 |
| 2018-12-13 | CVE-2018-1887 | Use of Hard-coded Credentials vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
| 2018-12-13 | CVE-2018-1818 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2018-12-05 | CVE-2018-1650 | Use of Hard-coded Credentials vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. | 5.5 |
| 2018-12-04 | CVE-2018-0468 | Use of Hard-coded Credentials vulnerability in Cisco Energy Management Suite 5.2 A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. | 7.8 |