Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

GHSA-7XW7-HXCM-552F

Vulnerability from github – Published: 2026-07-14 03:31 – Updated: 2026-07-14 03:31
VLAI
Details

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T01:16:18Z",
    "severity": "CRITICAL"
  },
  "details": "SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.",
  "id": "GHSA-7xw7-hxcm-552f",
  "modified": "2026-07-14T03:31:37Z",
  "published": "2026-07-14T03:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44761"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3753495"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84Q3-XPXQ-862H

Vulnerability from github – Published: 2026-01-26 12:30 – Updated: 2026-01-26 12:30
VLAI
Details

By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59108"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-26T10:16:08Z",
    "severity": "CRITICAL"
  },
  "details": "By default, the password for the Access Manager\u0027s web interface, is set to \u0027admin\u0027. In the tested version changing the password was not enforced.",
  "id": "GHSA-84q3-xpxq-862h",
  "modified": "2026-01-26T12:30:29Z",
  "published": "2026-01-26T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59108"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/dkaccess"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/dormakaba"
    },
    {
      "type": "WEB",
      "url": "https://www.dormakabagroup.com/en/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8PRV-26X4-96JV

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-25 18:30
VLAI
Details

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T20:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam\u0027s network without restriction. Once connected, an attacker can sniff on connected devices such as the user\u0027s smartphone. The SSID is also always broadcasted.",
  "id": "GHSA-8prv-26x4-96jv",
  "modified": "2025-03-25T18:30:52Z",
  "published": "2025-03-18T21:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30139"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/GNET"
    },
    {
      "type": "WEB",
      "url": "https://www.gnetsystem.com/eng/product/list?viewMode=view\u0026idx=246\u0026ca_id=0201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-92J2-68JJ-9753

Vulnerability from github – Published: 2025-09-22 18:30 – Updated: 2025-09-22 18:30
VLAI
Details

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-35042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-22T16:15:42Z",
    "severity": "CRITICAL"
  },
  "details": "Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.",
  "id": "GHSA-92j2-68jj-9753",
  "modified": "2025-09-22T18:30:36Z",
  "published": "2025-09-22T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35042"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-265-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-35042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9589-RVQC-62CG

Vulnerability from github – Published: 2025-05-13 15:32 – Updated: 2025-05-13 15:32
VLAI
Details

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T15:15:54Z",
    "severity": "HIGH"
  },
  "details": "Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.",
  "id": "GHSA-9589-rvqc-62cg",
  "modified": "2025-05-13T15:32:16Z",
  "published": "2025-05-13T15:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22460"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CVE-2025-22460"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96RJ-GH8X-QX24

Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 18:31
VLAI
Details

DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-25T15:15:38Z",
    "severity": "MODERATE"
  },
  "details": "DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem\u0027s control panel.",
  "id": "GHSA-96rj-gh8x-qx24",
  "modified": "2025-08-26T18:31:15Z",
  "published": "2025-08-26T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29525"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/stevenyu113228/20ecc24a10e2b1b7038634b838503d7c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97QG-QG86-6RPM

Vulnerability from github – Published: 2024-08-17 18:30 – Updated: 2024-09-27 03:30
VLAI
Details

A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T18:15:04Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-97qg-qg86-6rpm",
  "modified": "2024-09-27T03:30:28Z",
  "published": "2024-08-17T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7898"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/b0rgch3n/3136cad95b09e42184fb2d78aae33651"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.274906"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.274906"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.386560"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9MXP-RQ8M-QQ98

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-02 18:31
VLAI
Details

IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:17:35Z",
    "severity": "HIGH"
  },
  "details": "IBM Operations Analytics - Log Analysis\u00a0 and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.",
  "id": "GHSA-9mxp-rq8m-qq98",
  "modified": "2026-06-02T18:31:25Z",
  "published": "2026-05-27T15:33:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7365"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7272268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C72V-JM37-87FQ

Vulnerability from github – Published: 2025-10-16 18:30 – Updated: 2025-11-03 21:34
VLAI
Details

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T18:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "Ilevia\u00a0EVE X1 Server firmware versions \u2264 4.7.18.0.eden contain a use of default credentials vulnerability\u00a0that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.",
  "id": "GHSA-c72v-jm37-87fq",
  "modified": "2025-11-03T21:34:36Z",
  "published": "2025-10-16T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34516"
    },
    {
      "type": "WEB",
      "url": "https://www.ilevia.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/ilevia-eve-x1-server-use-of-default-credentials"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5963.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C938-5XGG-M9F4

Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31
VLAI
Details

A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1392"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-23T23:15:23Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-c938-5xgg-m9f4",
  "modified": "2025-06-26T21:31:03Z",
  "published": "2025-06-26T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6529"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.313646"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.313646"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.595450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.