Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

GHSA-3C2H-8XMC-2258

Vulnerability from github – Published: 2025-11-19 15:31 – Updated: 2025-11-19 15:31
VLAI
Details

Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-19T13:15:51Z",
    "severity": "CRITICAL"
  },
  "details": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.",
  "id": "GHSA-3c2h-8xmc-2258",
  "modified": "2025-11-19T15:31:39Z",
  "published": "2025-11-19T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12592"
    },
    {
      "type": "WEB",
      "url": "https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware"
    },
    {
      "type": "WEB",
      "url": "http://www.vapidlabs.com/advisory.php?v=219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3CRJ-9596-945W

Vulnerability from github – Published: 2025-12-31 00:31 – Updated: 2025-12-31 00:31
VLAI
Details

JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T23:15:47Z",
    "severity": "CRITICAL"
  },
  "details": "JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.",
  "id": "GHSA-3crj-9596-945w",
  "modified": "2025-12-31T00:31:10Z",
  "published": "2025-12-31T00:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50803"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2022060058"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229344"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/167487"
    },
    {
      "type": "WEB",
      "url": "https://www.jm-data.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-default-credentials-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3H3M-9W6M-92HW

Vulnerability from github – Published: 2025-06-02 18:30 – Updated: 2025-06-02 21:30
VLAI
Details

Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T16:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.",
  "id": "GHSA-3h3m-9w6m-92hw",
  "modified": "2025-06-02T21:30:24Z",
  "published": "2025-06-02T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40113"
    },
    {
      "type": "WEB",
      "url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-47HM-HWG5-7M57

Vulnerability from github – Published: 2025-10-19 21:30 – Updated: 2025-10-19 21:30
VLAI
Details

A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-19T20:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-47hm-hwg5-7m57",
  "modified": "2025-10-19T21:30:24Z",
  "published": "2025-10-19T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11943"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/70mai/blob/main/README.md#finding-10-exposed-root-password-via-unauthenticated-http-server"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.329022"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.329022"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.672521"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4HPF-94W8-JPMF

Vulnerability from github – Published: 2024-01-09 12:30 – Updated: 2024-01-09 12:30
VLAI
Details

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T10:15:20Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V2.7). The \"intermediate installation\" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.",
  "id": "GHSA-4hpf-94w8-jpmf",
  "modified": "2024-01-09T12:30:36Z",
  "published": "2024-01-09T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49621"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4QGH-QG2J-6VJW

Vulnerability from github – Published: 2026-06-11 21:31 – Updated: 2026-06-11 21:31
VLAI
Details

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-11T21:16:22Z",
    "severity": "HIGH"
  },
  "details": "Brickcom cameras\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.",
  "id": "GHSA-4qgh-qg2j-6vjw",
  "modified": "2026-06-11T21:31:57Z",
  "published": "2026-06-11T21:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"
    },
    {
      "type": "WEB",
      "url": "https://www.brickcom.com/case"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-52FW-VG2V-RC9P

Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2024-04-12 18:33
VLAI
Details

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T16:15:36Z",
    "severity": "HIGH"
  },
  "details": "IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n",
  "id": "GHSA-52fw-vg2v-rc9p",
  "modified": "2024-04-12T18:33:26Z",
  "published": "2024-04-12T18:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30210"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55VH-3864-H8C8

Vulnerability from github – Published: 2025-03-18 00:30 – Updated: 2025-03-18 00:30
VLAI
Details

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-17T22:15:15Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-55vh-3864-h8c8",
  "modified": "2025-03-18T00:30:37Z",
  "published": "2025-03-18T00:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2398"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.299897"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.299897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5CWQ-67P7-H8HR

Vulnerability from github – Published: 2026-02-15 18:30 – Updated: 2026-02-15 18:30
VLAI
Details

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-15T16:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.",
  "id": "GHSA-5cwq-67p7-h8hr",
  "modified": "2026-02-15T18:30:23Z",
  "published": "2026-02-15T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26366"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/jung-enet-smart-home-server-use-of-default-credent"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5FPV-5QVH-7CF3

Vulnerability from github – Published: 2025-07-21 19:53 – Updated: 2025-07-23 13:36
VLAI
Summary
NodeJS version of the HAX CMS application is distributed with Default Secrets
Details

Summary

The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no way to change them through the UI.

Affected Resources

Impact

An unauthenticated attacker can read the default user credentials and JWT private keys from the public haxtheweb GitHub repositories. These credentials and keys can be used to access unconfigured self-hosted instances of the application, modify sites, and perform further attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@haxtheweb/haxcms-nodejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "11.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54137"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-21T19:53:51Z",
    "nvd_published_at": "2025-07-22T22:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren\u0027t prompted to change credentials or secrets during installation, and there is no way to change them through the UI.\n\n### Affected Resources\n\n- [HAXCMS.js](https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/lib/HAXCMS.js#L1614) HAXCMSClass\n\n### Impact\n\nAn unauthenticated attacker can read the default user credentials and JWT private keys from the public haxtheweb GitHub repositories. These credentials and keys can be used to access unconfigured self-hosted instances of the application, modify sites, and perform further attacks.",
  "id": "GHSA-5fpv-5qvh-7cf3",
  "modified": "2025-07-23T13:36:55Z",
  "published": "2025-07-21T19:53:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-5fpv-5qvh-7cf3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54137"
    },
    {
      "type": "WEB",
      "url": "https://github.com/haxtheweb/haxcms-nodejs/commit/6dc2441c876350ca6fe9fbaecb058d92ef442869"
    },
    {
      "type": "WEB",
      "url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/lib/HAXCMS.js#L1614"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/haxtheweb/issues"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NodeJS version of the HAX CMS application is distributed with Default Secrets"
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.