CWE-1391: CWE-1391
Yearly Trend
Top Affected Vendors
All CWE-1391 CVEs (22)
OpenMQ's management service ships with default admin credentials (admin/admin) that are never forced to change, allowing remote attackers who can reac...
Mar 3, 2026Dover Fueling Solutions ProGauge MagLink LX4 devices have hardcoded default root credentials that cannot be changed through normal administrative inte...
Sep 18, 2025This vulnerability allows attackers to gain administrative access to Partner Software Product and Partner Web application using publicly known default...
Aug 2, 2025This vulnerability in Kieback & Peter's DDC4000 series building automation controllers allows unauthenticated attackers to gain full administrative ac...
Oct 22, 2024ZTE Japan's ZXHN-F660T and ZXHN-F660A routers use a hardcoded credential shared across all installations, allowing attackers with knowledge of this cr...
Jul 31, 2025This vulnerability allows local users on Windows systems to escalate privileges to SYSTEM by exploiting weak permissions in a temporary folder used du...
Jul 28, 2024This vulnerability in Bosch security systems allows attackers to access sensitive data or achieve remote code execution with root privileges. It affec...
Jan 10, 2024This CVE describes an improper privilege management vulnerability in ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series products running on Linu...
Jun 5, 2023This vulnerability allows attackers to forge authentication tokens by exploiting a static AES-128 encryption key shared across all installations. Atta...
Mar 13, 2025This vulnerability allows attackers to gain unauthorized access to affected devices by using weak, publicly known default passwords on hidden user acc...
Jan 15, 2026This vulnerability affects systems deployed with default configurations that don't follow security best practices for access restrictions. It allows u...
Oct 27, 2025This vulnerability allows remote attackers to guess the initial administrator password on affected SEIKO EPSON and FUJIFILM products using information...
Aug 7, 2025The Tenda CP3 Pro router firmware has an insecure permissions vulnerability that enables the telnet service by default at boot, allowing remote attack...
Jul 9, 2025This vulnerability in Ruijie Reyee OS allows attackers to easily calculate MQTT credentials due to weak credential mechanisms. Affected systems includ...
Dec 6, 2024This vulnerability in Securden's Unified PAM allows attackers to obtain authentication material from the Remote Vendor Gateway due to shared infrastru...
Aug 25, 2025A weak credential vulnerability in Firewalla Box Software allows physically proximate attackers to use the device's license UUID to provision SSH cred...
Aug 12, 2024Rocket.Chat Mobile apps before version 4.5.1 generate weak end-to-end encryption (E2EE) passwords with insufficient entropy, making them vulnerable to...
Oct 7, 2024This vulnerability allows remote attackers to obtain the default WiFi password on affected Smartcom Bulgaria routers due to a weak password generation...
Feb 6, 2025A vulnerability in ActiveMQ Artemis allows password reuse across separate Custom Resource dependencies when generated by the activemq-artemis-operator...
May 26, 2025This vulnerability allows attackers to calculate initial administrative passwords for affected ELECOM wireless routers using publicly available system...
Feb 3, 2026This vulnerability affects devices where passwords are stored without proper salting, allowing attackers to more easily extract and crack passwords th...
Jan 15, 2026This vulnerability allows attackers to gain SSH access to Dormakaba Access Manager 92xx devices (hardware revision K7) using hardcoded weak credential...
Jan 26, 2026About CWE-1391 (CWE-1391)
Our database tracks 22 CVEs classified as CWE-1391, with 4 rated critical and 12 rated high severity. The average CVSS score for CWE-1391 vulnerabilities is 7.5.
External reference: View CWE-1391 on MITRE CWE →
Monitor CWE-1391 Vulnerabilities
Get alerted when new CWE-1391 CVEs affect your infrastructure.
Start Monitoring Free