CWE-1392

Total CVEs: 54
Critical: 16
High: 26
Avg CVSS: 8.0

Yearly Trend

2026: 8
2025: 25
2024: 18
2023: 3

Top Affected Vendors

1. Dell (2)
2. Craws (1)
3. Tattile (1)
4. Azure Access (1)
5. Eladmin (1)
6. Airship.ai (1)
7. D-Link (1)
8. qBittorrent (1)
9. IBM (1)
10. Sitecom (1)

All CWE-1392 CVEs (54)

CVE-2023-3703
10.0

Proscend ICR Series routers with firmware version 1.76 have default administrative credentials that cannot be changed. This allows attackers to gain f...

Sep 3, 2023
CVE-2026-26341
9.8

Tattile Smart+, Vega, and Basic device families ship with default administrative credentials that cannot be changed during initial setup. Attackers wh...

Feb 24, 2026
CVE-2026-26366
9.8

eNet SMART HOME server versions 2.2.1 and 2.3.1 ship with active default credentials (user:user, admin:admin) that don't require password changes duri...

Feb 15, 2026
CVE-2022-50803
9.8

JM-DATA ONU JF511-TV devices running version 1.0.67 have hardcoded default administrative credentials that cannot be changed. Attackers can use these ...

Dec 30, 2025
CVE-2025-54303
9.8

Thermo Fisher Torrent Suite 5.18.1 uses weak default credentials (ionadmin/ionadmin) for administrative accounts, allowing attackers to gain full admi...

Dec 4, 2025
CVE-2025-34516
9.8

Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contain hardcoded default credentials that allow unauthenticated remote attackers to gain a...

Oct 16, 2025
CVE-2025-10542
9.8

iMonitor EAM 9.6394 ships with hardcoded default administrative credentials that are visible in the management interface. If administrators don't chan...

Sep 25, 2025
CVE-2025-35042
9.8

Airship AI Acropolis uses a default administrative account with identical hardcoded credentials across all installations. Attackers can remotely log i...

Sep 22, 2025
CVE-2025-30139
9.8

G-Net Dashcam BB GONX devices have hardcoded default Wi-Fi credentials that cannot be changed, allowing nearby attackers to connect to the dashcam's n...

Mar 18, 2025
CVE-2024-12286
9.8

CVE-2024-12286 allows attackers to gain SSH access to MOBATIME Network Master Clock DTS 4801 devices using default credentials. This affects organizat...

Dec 10, 2024
CVE-2024-7746
9.8

CVE-2024-7746 is a critical authentication bypass vulnerability in Tananaev Solutions Traccar Server that allows attackers to access the administrator...

Aug 13, 2024
CVE-2024-29844
9.8

CVE-2024-29844 is a critical authentication bypass vulnerability in Evolution Controller 2.x web interface that allows attackers to log in using defau...

Apr 15, 2024
CVE-2023-30801
9.8

CVE-2023-30801 is a critical vulnerability in qBittorrent where the web interface uses default credentials (admin:adminadmin) that cannot be changed d...

Oct 10, 2023
CVE-2023-30603
9.8

The Hitron CODA-5310 router has a critical vulnerability where Telnet service uses default credentials with no password change prompt. Unauthenticated...

Jun 2, 2023
CVE-2025-12217
9.1

This vulnerability involves BLU-IC2 and BLU-IC4 devices using the default SNMP community string 'public', which allows unauthorized access to SNMP ser...

Oct 25, 2025
CVE-2025-51535
9.1

OpenAtlas v8.11.0 contains an unrestricted SQL console in the admin UI that allows authenticated administrators to execute arbitrary SQL queries. This...

Aug 4, 2025
CVE-2026-22273
8.8

Dell ECS and ObjectScale systems contain default credentials that allow low-privileged attackers with remote access to elevate privileges. This affect...

Jan 23, 2026
CVE-2025-6529
8.8

The 70mai M300 dash cam has a critical vulnerability where its Telnet service uses default credentials, allowing attackers on the same local network t...

Jun 23, 2025
CVE-2024-4007
8.8

This vulnerability involves default credentials in ABB ASPECT, NEXUS, and MATRIX Series version 3.07 install packages. Attackers can exploit this to l...

Jul 1, 2024
CVE-2024-28093
8.8

The TELNET service on AdTran NetVanta 3120 devices is enabled by default with root-level default credentials, allowing attackers to gain administrativ...

Mar 26, 2024
CVE-2024-6788
8.6

An unauthenticated attacker on the local network can exploit the firmware update feature to reset the password for the low-privileged 'user-app' accou...

Aug 13, 2024
CVE-2024-12902
8.4

This vulnerability allows attackers to remotely log into ANCHOR virtual machines using default credentials on high-privilege service accounts. Organiz...

Dec 23, 2024
CVE-2024-39584
8.2

Dell Client Platform BIOS contains a vulnerability where default cryptographic keys are used, allowing a high-privileged attacker with local access to...

Aug 28, 2024
CVE-2026-1803
8.1

This vulnerability in Ziroom ZHOME A0101 devices allows attackers to gain unauthorized access via SSH using default credentials in the Dropbear SSH se...

Feb 3, 2026
CVE-2025-5124
8.1

This critical vulnerability in Sony network camera models allows attackers to gain administrative access using default credentials. The attack can be ...

May 24, 2025
CVE-2024-39747
8.1

IBM Sterling Connect:Direct Web Services uses default credentials for critical functionality, allowing attackers to gain unauthorized access. This aff...

Aug 31, 2024
CVE-2024-10476
8.0

This vulnerability involves BD Diagnostic Solutions products using default credentials, allowing attackers to access, modify, or delete sensitive data...

Dec 17, 2024
CVE-2025-22460
7.8

This vulnerability allows local authenticated attackers to escalate privileges in Ivanti Cloud Services Application due to default credentials. Attack...

May 13, 2025
CVE-2024-5245
7.8

This vulnerability allows local attackers with low-privileged access to escalate to SYSTEM privileges on NETGEAR ProSAFE Network Management System ins...

May 23, 2024
CVE-2024-12013
7.6

The 130.8005 TCP/IP Gateway with firmware version 12h exposes an FTP server with default admin credentials, allowing remote attackers to access config...

Feb 13, 2025
CVE-2025-35114
7.5

Agiloft Release 28 contains default credential accounts that could allow attackers to escalate privileges locally. The password hash is known and crac...

Aug 26, 2025
CVE-2024-54015
7.5

This vulnerability allows an unauthenticated remote attacker to retrieve sensitive information from affected SIPROTEC 5 devices using SNMPv2 GET reque...

Feb 11, 2025
CVE-2025-23012
7.5

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials that can be exploited to read local files by manipulat...

Jan 23, 2025
CVE-2024-6245
7.4

This CVE describes a use of default credentials vulnerability in Maruti Suzuki SmartPlay infotainment systems on Linux. Attackers can attempt common o...

Oct 28, 2024
CVE-2024-27158
7.4

All Toshiba printers share the same hardcoded root password, allowing attackers with network access to gain administrative control. This affects all T...

Jun 14, 2024
CVE-2024-31069
7.4

CVE-2024-31069 is a default credential vulnerability in IO-1020 Micro ELD web servers that allows attackers to gain administrative access using factor...

Apr 12, 2024
CVE-2025-0482
7.3

This critical vulnerability in Fanli2012 native-php-cms 1.0 allows attackers to bypass authentication using default credentials via the /fladmin/user_...

Jan 15, 2025
CVE-2024-7898
7.3

This critical vulnerability in Tosei Online Store Management System allows attackers to gain unauthorized access to the backend using default credenti...

Aug 17, 2024
CVE-2025-2398
7.2

This critical vulnerability in China Mobile networking devices allows attackers to use default credentials to gain unauthorized access via the CLI su ...

Mar 17, 2025
CVE-2026-28713
7.1

This vulnerability involves default credentials for a local privileged user in Acronis Cyber Protect virtual appliances. Attackers can gain administra...

Mar 6, 2026
CVE-2024-46899
7.1

Hitachi Ops Center Common Services and Analyzer viewpoint OVF contain an authentication credentials leakage vulnerability that could expose sensitive ...

Apr 22, 2025
CVE-2024-45068
7.1

This vulnerability allows attackers to leak authentication credentials from Hitachi Ops Center Common Services and OVA deployments. Attackers could po...

Dec 3, 2024
CVE-2023-40704
6.8

This vulnerability in Philips PACS systems allows attackers to gain unauthorized access by exploiting weak default passwords. It affects healthcare or...

Jul 18, 2024
CVE-2025-55740
6.5

This CVE describes a configuration vulnerability in nginx-defender where default administrative credentials are present in example configuration files...

Aug 19, 2025
CVE-2024-40113
6.5

The Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and earlier uses default administrative credentials that cannot be changed. This allows attac...

Jun 2, 2025
CVE-2026-1972
5.3

This vulnerability allows attackers to bypass authentication on Edimax BR-6208AC V2 routers by manipulating username/password arguments, potentially g...

Feb 6, 2026
CVE-2025-29521
5.3

D-Link DSL-7740C routers with vulnerable firmware have insecure default credentials for the Administrator account, allowing attackers to gain administ...

Aug 25, 2025
CVE-2025-29525
5.3

DASAN GPON ONU H660WM devices contain hardcoded default credentials in their control panel, allowing attackers to gain administrative access. This aff...

Aug 25, 2025
CVE-2025-8530
5.3

This vulnerability in elunez eladmin allows attackers to use default credentials for Druid database monitoring interface when login-username/login-pas...

Aug 4, 2025
CVE-2024-6535
5.3

CVE-2024-6535 is an authentication bypass vulnerability in Skupper's console when configured with OpenShift OAuth. Attackers can craft malicious cooki...

Jul 17, 2024

About CWE-1392

Our database tracks 54 CVEs classified as CWE-1392, with 16 rated critical and 26 rated high severity. The average CVSS score for CWE-1392 vulnerabilities is 8.0.

External reference: CWE-1392 on MITRE CWE
