Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-08 | CVE-2018-5399 | Use of Hard-coded Credentials vulnerability in Auto-Maskin Dcu-210E Firmware and Rp-210E Firmware The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. | 10.0 |
| 2018-10-08 | CVE-2018-1742 | Use of Hard-coded Credentials vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.2 |
| 2018-10-05 | CVE-2018-15427 | Use of Hard-coded Credentials vulnerability in Cisco Video Surveillance Manager 7.10/7.11/7.11.1 A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. | 10.0 |
| 2018-10-05 | CVE-2018-15389 | Use of Hard-coded Credentials vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. | 7.5 |
| 2018-10-02 | CVE-2018-15753 | Use of Hard-coded Credentials vulnerability in Mensamax 4.3 An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. | 5.0 |
| 2018-10-01 | CVE-2018-17217 | Use of Hard-coded Credentials vulnerability in PTC Thingworx Platform An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | 5.0 |
| 2018-09-26 | CVE-2018-8856 | Use of Hard-coded Credentials vulnerability in Philips E-Alert Firmware Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 5.0 |
| 2018-09-18 | CVE-2018-16957 | Use of Hard-coded Credentials vulnerability in Oracle Webcenter Interaction 10.3.3 The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. | 10.0 |
| 2018-09-07 | CVE-2018-0663 | Use of Hard-coded Credentials vulnerability in Iodata products Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. | 9.0 |
| 2018-09-05 | CVE-2018-16546 | Use of Hard-coded Credentials vulnerability in Amcrest Ipc-Hx1X3X-Lexus ENG N Amcrest V2.420.Ac01.3.R.20180206 Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. | 4.3 |