CVE-2007-1063

HIGH Year: 2007
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-798
View all →

Vulnerability Description

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

Related Vulnerabilities

CVE-2023-20512

LOW
CVSS:1.9(Low)

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.

CWE-7982023

CVE-2013-3542

CRITICAL
CVSS:10.0(Critical)

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded a...

CWE-7982013

CVE-2016-8717

CRITICAL
CVSS:10.0(Critical)

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (ro...

CWE-7982016

CVE-2018-0222

CRITICAL
CVSS:10.0(Critical)

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, ...

CWE-7982018

CVE-2018-5551

CRITICAL
CVSS:10.0(Critical)

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.

CWE-7982018

CVE-2020-1614

CRITICAL
CVSS:10.0(Critical)

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if the...

CWE-7982020