Vulnerabilities > Use of Hard-coded Credentials

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-06-19 | CVE-2018-6210 | Use of Hard-coded Credentials vulnerability in Dlink Dir-620 Firmware 1.0.37 | D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. | network, low complexity, dlink, CWE-798, critical, 9.8 |
| 2018-06-13 | CVE-2018-12323 | Use of Hard-coded Credentials vulnerability in Apollotechnologiesinc Momentum Axel 720P and Momentum Axel 720P Firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. | 6.8 |
| 2018-06-07 | CVE-2018-0329 | Use of Hard-coded Credentials vulnerability in Cisco Wide Area Application Services 6.2(3)/6.4(1) | A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. | network, low complexity, cisco, CWE-798, 5.3 |
| 2018-06-05 | CVE-2018-10966 | Use of Hard-coded Credentials vulnerability in Gamerpolls 0.4.6 | An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. | network, low complexity, gamerpolls, CWE-798, 7.3 |
| 2018-06-05 | CVE-2018-10813 | Use of Hard-coded Credentials vulnerability in Aprendecondedos Dedos-Web 1.0 | In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. | network, low complexity, aprendecondedos, CWE-798, 7.3 |
| 2018-06-02 | CVE-2018-11682 | Use of Hard-coded Credentials vulnerability in Lutron products | Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. | network, low complexity, lutron, CWE-798, critical, 9.8 |
| 2018-06-02 | CVE-2018-11681 | Use of Hard-coded Credentials vulnerability in Lutron products | Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. | network, low complexity, lutron, CWE-798, critical, 9.8 |
| 2018-06-02 | CVE-2018-11629 | Use of Hard-coded Credentials vulnerability in Lutron products | Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. | network, low complexity, lutron, CWE-798, critical, 9.8 |
| 2018-05-30 | CVE-2018-11482 | Use of Hard-coded Credentials vulnerability in Tp-Link products | /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | network, low complexity, tp-link, CWE-798, critical, 9.8 |
| 2018-05-20 | CVE-2018-11311 | Use of Hard-coded Credentials vulnerability in Myscada Mypro 7.0 | A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | network, low complexity, myscada, CWE-798, critical, 9.1 |