Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2018-06-02 CVE-2018-11682 Use of Hard-coded Credentials vulnerability in Lutron products
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.
network
low complexity
lutron CWE-798
critical
9.8
2018-06-02 CVE-2018-11681 Use of Hard-coded Credentials vulnerability in Lutron products
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.
network
low complexity
lutron CWE-798
critical
9.8
2018-06-02 CVE-2018-11629 Use of Hard-coded Credentials vulnerability in Lutron products
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.
network
low complexity
lutron CWE-798
critical
9.8
2018-05-30 CVE-2018-11482 Use of Hard-coded Credentials vulnerability in Tp-Link products
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
network
low complexity
tp-link CWE-798
critical
9.8
2018-05-20 CVE-2018-11311 Use of Hard-coded Credentials vulnerability in Myscada Mypro 7.0
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
network
low complexity
myscada CWE-798
critical
9.1
2018-05-17 CVE-2018-0222 Use of Hard-coded Credentials vulnerability in Cisco Digital Network Architecture Center 1.1/1.1.1/1.1.2
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.
network
low complexity
cisco CWE-798
critical
10.0
2018-05-15 CVE-2018-11094 Use of Hard-coded Credentials vulnerability in Intelbras Ncloud 300 Firmware 1.0
An issue was discovered on Intelbras NCLOUD 300 1.0 devices.
network
low complexity
intelbras CWE-798
critical
9.8
2018-05-10 CVE-2018-9112 Use of Hard-coded Credentials vulnerability in Foxconn Ap-Fc4064-T Firmware Apgtb385.8.3Lb15W47Lte
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15.
network
low complexity
foxconn CWE-798
critical
9.8
2018-05-09 CVE-2016-9335 Use of Hard-coded Credentials vulnerability in Redlion products
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190.
network
low complexity
redlion CWE-798
critical
10.0
2018-05-08 CVE-2017-17540 Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
network
low complexity
fortinet CWE-798
critical
9.8