CWE-1392
AllowedUse of Default Credentials
Abstraction: Base · Status: Incomplete
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
191 vulnerabilities reference this CWE, most recent first.
GHSA-3C2H-8XMC-2258
Vulnerability from github – Published: 2025-11-19 15:31 – Updated: 2025-11-19 15:31Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.
{
"affected": [],
"aliases": [
"CVE-2025-12592"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-19T13:15:51Z",
"severity": "CRITICAL"
},
"details": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.",
"id": "GHSA-3c2h-8xmc-2258",
"modified": "2025-11-19T15:31:39Z",
"published": "2025-11-19T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12592"
},
{
"type": "WEB",
"url": "https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware"
},
{
"type": "WEB",
"url": "http://www.vapidlabs.com/advisory.php?v=219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red",
"type": "CVSS_V4"
}
]
}
GHSA-3CRJ-9596-945W
Vulnerability from github – Published: 2025-12-31 00:31 – Updated: 2025-12-31 00:31JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
{
"affected": [],
"aliases": [
"CVE-2022-50803"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-30T23:15:47Z",
"severity": "CRITICAL"
},
"details": "JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.",
"id": "GHSA-3crj-9596-945w",
"modified": "2025-12-31T00:31:10Z",
"published": "2025-12-31T00:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50803"
},
{
"type": "WEB",
"url": "https://cxsecurity.com/issue/WLB-2022060058"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229344"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/167487"
},
{
"type": "WEB",
"url": "https://www.jm-data.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-default-credentials-vulnerability"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3H3M-9W6M-92HW
Vulnerability from github – Published: 2025-06-02 18:30 – Updated: 2025-06-02 21:30Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
{
"affected": [],
"aliases": [
"CVE-2024-40113"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T16:15:27Z",
"severity": "MODERATE"
},
"details": "Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.",
"id": "GHSA-3h3m-9w6m-92hw",
"modified": "2025-06-02T21:30:24Z",
"published": "2025-06-02T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40113"
},
{
"type": "WEB",
"url": "https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40113"
},
{
"type": "WEB",
"url": "http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-47HM-HWG5-7M57
Vulnerability from github – Published: 2025-10-19 21:30 – Updated: 2025-10-19 21:30A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-11943"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-19T20:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-47hm-hwg5-7m57",
"modified": "2025-10-19T21:30:24Z",
"published": "2025-10-19T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11943"
},
{
"type": "WEB",
"url": "https://github.com/geo-chen/70mai/blob/main/README.md#finding-10-exposed-root-password-via-unauthenticated-http-server"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.329022"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.329022"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.672521"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4HPF-94W8-JPMF
Vulnerability from github – Published: 2024-01-09 12:30 – Updated: 2024-01-09 12:30A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
{
"affected": [],
"aliases": [
"CVE-2023-49621"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T10:15:20Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V2.7). The \"intermediate installation\" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.",
"id": "GHSA-4hpf-94w8-jpmf",
"modified": "2024-01-09T12:30:36Z",
"published": "2024-01-09T12:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49621"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QGH-QG2J-6VJW
Vulnerability from github – Published: 2026-06-11 21:31 – Updated: 2026-06-11 21:31Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
{
"affected": [],
"aliases": [
"CVE-2026-50005"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-11T21:16:22Z",
"severity": "HIGH"
},
"details": "Brickcom cameras\nship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.",
"id": "GHSA-4qgh-qg2j-6vjw",
"modified": "2026-06-11T21:31:57Z",
"published": "2026-06-11T21:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50005"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-03.json"
},
{
"type": "WEB",
"url": "https://www.brickcom.com/case"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-52FW-VG2V-RC9P
Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2024-04-12 18:33IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
{
"affected": [],
"aliases": [
"CVE-2024-30210"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T16:15:36Z",
"severity": "HIGH"
},
"details": "IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n",
"id": "GHSA-52fw-vg2v-rc9p",
"modified": "2024-04-12T18:33:26Z",
"published": "2024-04-12T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30210"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55VH-3864-H8C8
Vulnerability from github – Published: 2025-03-18 00:30 – Updated: 2025-03-18 00:30A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-2398"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-17T22:15:15Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-55vh-3864-h8c8",
"modified": "2025-03-18T00:30:37Z",
"published": "2025-03-18T00:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2398"
},
{
"type": "WEB",
"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.299897"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.299897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5CWQ-67P7-H8HR
Vulnerability from github – Published: 2026-02-15 18:30 – Updated: 2026-02-15 18:30eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
{
"affected": [],
"aliases": [
"CVE-2026-26366"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-15T16:15:53Z",
"severity": "CRITICAL"
},
"details": "eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.",
"id": "GHSA-5cwq-67p7-h8hr",
"modified": "2026-02-15T18:30:23Z",
"published": "2026-02-15T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26366"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/jung-enet-smart-home-server-use-of-default-credent"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5FPV-5QVH-7CF3
Vulnerability from github – Published: 2025-07-21 19:53 – Updated: 2025-07-23 13:36Summary
The NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change credentials or secrets during installation, and there is no way to change them through the UI.
Affected Resources
- HAXCMS.js HAXCMSClass
Impact
An unauthenticated attacker can read the default user credentials and JWT private keys from the public haxtheweb GitHub repositories. These credentials and keys can be used to access unconfigured self-hosted instances of the application, modify sites, and perform further attacks.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@haxtheweb/haxcms-nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54137"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-21T19:53:51Z",
"nvd_published_at": "2025-07-22T22:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThe NodeJS version of the HAX CMS application is distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren\u0027t prompted to change credentials or secrets during installation, and there is no way to change them through the UI.\n\n### Affected Resources\n\n- [HAXCMS.js](https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/lib/HAXCMS.js#L1614) HAXCMSClass\n\n### Impact\n\nAn unauthenticated attacker can read the default user credentials and JWT private keys from the public haxtheweb GitHub repositories. These credentials and keys can be used to access unconfigured self-hosted instances of the application, modify sites, and perform further attacks.",
"id": "GHSA-5fpv-5qvh-7cf3",
"modified": "2025-07-23T13:36:55Z",
"published": "2025-07-21T19:53:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-5fpv-5qvh-7cf3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54137"
},
{
"type": "WEB",
"url": "https://github.com/haxtheweb/haxcms-nodejs/commit/6dc2441c876350ca6fe9fbaecb058d92ef442869"
},
{
"type": "WEB",
"url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/lib/HAXCMS.js#L1614"
},
{
"type": "PACKAGE",
"url": "https://github.com/haxtheweb/issues"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "NodeJS version of the HAX CMS application is distributed with Default Secrets"
}
Mitigation
Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Force the administrator to change the credential upon installation.
Mitigation
The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.