VYPR

CWE-798

Use of Hard-coded Credentials

Base · Draft · Likelihood: High

Description

The product contains hard-coded credentials, such as a password or cryptographic key.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-191 · CAPEC-70

CVEs mapped to this weakness (556)

page 8 of 28
  • CVE-2017-11632 · Cri · Feb 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.

  • CVE-2014-3205 · Cri · Feb 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.

  • CVE-2015-9254 · Cri · Feb 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Datto ALTO and SIRIS devices have a default VNC password.

  • CVE-2018-6825 · Cri · Feb 9, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.

  • CVE-2012-2166 · Cri · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

  • CVE-2018-6387 · Cri · Jan 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.

  • CVE-2017-1204 · Cri · Jan 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.

  • CVE-2014-8579 · Cri · Jan 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

  • CVE-2017-17107 · Cri · Dec 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.

  • CVE-2017-3186 · Cri · Dec 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.

  • CVE-2017-3184 · Cri · Dec 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the…

  • CVE-2017-14374 · Cri · Dec 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and…

  • CVE-2017-14027 · Cri · Nov 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC…

  • CVE-2017-14021 · Cri · Nov 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d,…

  • CVE-2017-15909 · Cri · Oct 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.

  • CVE-2017-12860 · Cri · Oct 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector…

  • CVE-2017-9957 · Cri · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

  • CVE-2017-12928 · Cri · Sep 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.

  • CVE-2017-8772 · Cri · Sep 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires…

  • CVE-2017-8771 · Cri · Sep 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the…