CVE Daily
← All tags

Tag: Hardcoded Credentials

All CVEs associated with "Hardcoded Credentials". Page 7/8 • 844 CVEs.

Subscribe CVEs: RSS for “Hardcoded Credentials”  ·  RSS (High+Critical only)

About “Hardcoded Credentials”

A curated feed of “Hardcoded Credentials”-related CVEs appears below. We currently track 844 CVEs for this tag (all time). In the last 365 days, 161 were published. Average CVSS is 8.0 (all time; 7.3 over 365d), and 75% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-798 - Use of Hard-coded Credentials, CWE-259 - Use of Hard-coded Password, CWE-255 - CWE-255.

In our taxonomy this topic maps to a MODERATE impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-09-26
Critical

CVE-2017-9957

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-09-25
Critical

CVE-2015-4667

Multiple hardcoded credentials in Xsuite 2.x.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-09-21
Critical

CVE-2017-12928

A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-09-13
Critical

CVE-2017-14421

D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attac…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-08-31
High

CVE-2014-8675

Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force at…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-08-25
Medium

CVE-2017-12709

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials,…

CVSS: 5.3 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-08-02
High

CVE-2017-2283

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

CVSS: 8.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2017-2280

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-08-01
Critical

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content o…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-31
Critical

CVE-2017-11743

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2017-9488

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access th…

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-28
Critical

CVE-2017-11694

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate direct…

CVSS: 9.1 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2017-11693

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate…

CVSS: 9.1 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-25
Critical

CVE-2017-11614

MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the da…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-22
Critical

CVE-2017-3222

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM pri…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-17
Critical

CVE-2017-2343

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing fi…

CVSS: 10.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-07-07
Critical

CVE-2017-2236

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-06-30
Critical

CVE-2017-6022

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use ha…

CVSS: 9.8 CWE: CWE-259 - Use of Hard-coded Password View on NVD
Critical

CVE-2016-9358

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check B…

CVSS: 9.8 CWE: CWE-259 - Use of Hard-coded Password View on NVD
2017-06-02
Medium

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.

CVSS: 5.3 CWE: CWE-259 - Use of Hard-coded Password View on NVD
2017-05-21
High

CVE-2017-9132

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightwei…

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-05-03
Medium

CVE-2017-6626

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve informatio…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-13
Critical

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-02-08
Critical

CVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-12-09
Critical

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it eas…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-11-30
High

CVE-2016-2948

IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-09-24
Critical

CVE-2016-6532

DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-08-03
Critical

CVE-2016-5670

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access vi…

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-07-15
Critical

CVE-2016-4520

Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary…

CVSS: 9.8 CWE: N/A View on NVD
2016-06-20
Critical

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.

CVSS: 9.8 CWE: N/A View on NVD
2016-06-10
Critical

CVE-2016-4328

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct…

CVSS: 9.8 CWE: N/A View on NVD
2016-06-09
Critical

CVE-2016-2310

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, wh…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2016-05-31
Critical

CVE-2016-4521

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-05-14
Critical

CVE-2016-4325

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-04-06
Critical

CVE-2015-7921

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for re…

CVSS: 9.1 CWE: CWE-255 View on NVD
2016-04-01
Critical

CVE-2016-2343

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.

CVSS: 9.8 CWE: N/A View on NVD
2016-03-03
Critical

CVE-2016-1329

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2016-02-27
Critical

CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a…

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-02-08
Critical

CVE-2016-2230

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-01-26
High

CVE-2016-1491

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by lev…

CVSS: 8.8 CWE: CWE-255 View on NVD
2016-01-22
Critical

CVE-2016-1984

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access v…

CVSS: 9.8 CWE: CWE-255 View on NVD
Critical

CVE-2015-8362

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access…

CVSS: 9.8 CWE: CWE-255 View on NVD
2015-12-30
Critical

CVE-2015-7251

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

CVSS: 9.8 CWE: CWE-255 View on NVD
2015-12-24
Critical

CVE-2015-7930

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
2015-12-23
Critical

CVE-2015-7911

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.2…

CVSS: 9.1 CWE: CWE-255 View on NVD
2015-11-06
Medium

CVE-2015-6316

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by…

CVSS: 6.5 CWE: CWE-255 View on NVD
2015-11-04
Medium

CVE-2015-2903

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of thi…

CVSS: 6.9 CWE: N/A View on NVD
2015-10-09
Critical

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access…

CVSS: 9.0 CWE: N/A View on NVD
2015-09-28
Critical

CVE-2015-3974

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENS…

CVSS: 9.0 CWE: CWE-255 View on NVD
2015-09-18
Critical

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequent…

CVSS: 9.0 CWE: N/A View on NVD
2015-09-11
Critical

CVE-2015-3964

SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
2015-08-31
Medium

CVE-2015-6743

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge…

CVSS: 6.5 CWE: CWE-255 View on NVD
Medium

CVE-2015-6742

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge…

CVSS: 6.5 CWE: CWE-255 View on NVD
2015-08-23
High

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interfa…

CVSS: 8.3 CWE: N/A View on NVD
2015-07-06
Medium

CVE-2015-1011

Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2015-07-04
Medium

CVE-2015-4196

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by lever…

CVSS: 5.0 CWE: CWE-255 View on NVD
2015-06-24
High

CVE-2015-5067

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes…

CVSS: 7.5 CWE: CWE-255 View on NVD
2015-06-23
Medium

CVE-2015-0972

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (t…

CVSS: 5.0 CWE: CWE-255 View on NVD
2015-06-08
Medium

CVE-2015-3001

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever…

CVSS: 5.0 CWE: CWE-255 View on NVD
2015-01-27
Critical

CVE-2014-9198

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an…

CVSS: 10.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2015-01-08
Medium

CVE-2014-9576

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-09-23
Critical

CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System In…

CVSS: 10.0 CWE: N/A View on NVD
2014-08-22
High

CVE-2014-5396

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access…

CVSS: 7.5 CWE: N/A View on NVD
2014-08-17
Critical

CVE-2014-0326

The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface.

CVSS: 9.3 CWE: N/A View on NVD
2014-08-15
Medium

CVE-2014-2964

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges…

CVSS: 6.9 CWE: N/A View on NVD
Critical

CVE-2014-2940

Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control b…

CVSS: 10.0 CWE: N/A View on NVD
2014-07-16
Critical

CVE-2013-5755

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) f…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-07-14
Critical

CVE-2014-2951

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
2014-07-07
High

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem…

CVSS: 8.3 CWE: CWE-255 View on NVD
2014-06-09
Medium

CVE-2014-4012

SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4011

SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4010

SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4009

SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4008

SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4007

The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4006

The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4005

SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
Medium

CVE-2014-4004

The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 5.0 CWE: CWE-255 View on NVD
2014-05-22
Low

CVE-2014-2350

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrat…

CVSS: 2.4 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2014-2349

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrat…

CVSS: 6.2 CWE: CWE-285 - Improper Authorization View on NVD
2014-05-17
Medium

CVE-2013-7382

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o…

CVSS: 5.0 CWE: CWE-255 View on NVD
2014-04-15
High

CVE-2014-0354

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login ac…

CVSS: 7.8 CWE: CWE-255 View on NVD
2014-04-10
High

CVE-2014-2752

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 7.5 CWE: CWE-255 View on NVD
High

CVE-2014-2751

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS: 7.5 CWE: CWE-255 View on NVD
2014-02-22
Critical

CVE-2014-0709

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to th…

CVSS: 9.3 CWE: CWE-255 View on NVD
2014-02-14
Critical

CVE-2013-5400

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-02-04
Critical

CVE-2014-0329

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging k…

CVSS: 9.3 CWE: CWE-255 View on NVD
Critical

CVE-2013-6034

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite termina…

CVSS: 10.0 CWE: CWE-255 View on NVD
2014-01-26
Critical

CVE-2013-7248

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges,…

CVSS: 10.0 CWE: CWE-255 View on NVD
2013-11-18
Low

CVE-2013-4425

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtai…

CVSS: 1.9 CWE: CWE-255 View on NVD
2013-10-16
Medium

CVE-2013-5535

The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS…

CVSS: 6.4 CWE: CWE-255 View on NVD
2013-10-03
Critical

CVE-2013-0694

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM…

CVSS: 9.0 CWE: CWE-255 View on NVD
2013-09-26
Medium

CVE-2012-4088

The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowl…

CVSS: 4.3 CWE: CWE-255 View on NVD
2013-09-25
Medium

CVE-2013-5934

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this passwo…

CVSS: 4.0 CWE: CWE-255 View on NVD
2013-09-17
Critical

CVE-2013-3612

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via autho…

CVSS: 10.0 CWE: CWE-255 View on NVD
2013-07-18
Medium

CVE-2013-4876

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a…

CVSS: 6.2 CWE: CWE-255 View on NVD
2013-03-11
Critical

CVE-2012-4702

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video conten…

CVSS: 10.0 CWE: CWE-255 View on NVD
2012-12-23
Critical

CVE-2012-6428

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This coul…

CVSS: 10.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2012-11-23
Critical

CVE-2012-5862

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. Th…

CVSS: 10.0 CWE: CWE-259 - Use of Hard-coded Password View on NVD
2012-10-20
High

CVE-2012-4933

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (…

CVSS: 7.8 CWE: CWE-255 View on NVD
2012-09-04
High

CVE-2012-3014

The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileg…

CVSS: 7.7 CWE: CWE-255 View on NVD
2012-08-21
Critical

CVE-2012-4577

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account,…

CVSS: 10.0 CWE: CWE-255 View on NVD
2012-08-20
Medium

CVE-2012-4362

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management se…

CVSS: 4.0 CWE: CWE-255 View on NVD
2012-07-17
Medium

CVE-2012-0794

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi…

CVSS: 5.0 CWE: CWE-255 View on NVD
2012-05-22
Low

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP sessio…

CVSS: 2.6 CWE: CWE-255 View on NVD
2012-03-20
Critical

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors.

CVSS: 9.3 CWE: CWE-255 View on NVD
2012-02-23
Critical

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP sessi…

CVSS: 10.0 CWE: CWE-255 View on NVD
2011-12-17
Critical

CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB…

CVSS: 10.0 CWE: N/A View on NVD
2011-10-16
Critical

CVE-2010-4965

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by…

CVSS: 9.0 CWE: CWE-255 View on NVD
2010-08-05
High

CVE-2010-2966

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which…

CVSS: 7.8 CWE: CWE-255 View on NVD
2010-07-22
High

CVE-2010-2772

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the St…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2010-04-21
High

CVE-2009-4781

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.

CVSS: 7.2 CWE: CWE-255 View on NVD
2010-02-05
High

CVE-2010-0557

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.

CVSS: 7.5 CWE: CWE-255 View on NVD
2009-12-30
Critical

CVE-2009-4463

Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of serv…

CVSS: 10.0 CWE: CWE-255 View on NVD
2009-02-19
Low

CVE-2008-6191

Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses…

CVSS: 2.1 CWE: CWE-255 View on NVD
2008-04-16
Medium

CVE-2008-1813

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors relate…

CVSS: 6.5 CWE: N/A View on NVD
2008-03-25
Critical

CVE-2008-1160

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2008-03-04
High

CVE-2008-1079

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2007-04-16
Medium

CVE-2007-2040

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform ar…

CVSS: 6.2 CWE: N/A View on NVD