CWE-521: CWE-521

Total CVEs: 73
Critical: 33
High: 23
Avg CVSS: 8.1

Yearly Trend

2026: 5
2025: 25
2024: 10
2023: 11
2022: 9

Top Affected Vendors

1. Ibm: 5
2. Hcltech: 3
3. Apache: 2
4. Lfprojects: 2
5. Azure Access: 2
6. Gotenna: 2
7. Librenms: 1
8. Inhandnetworks: 1
9. Zammad: 1
10. Janeczku: 1

All CWE-521 CVEs (73)

CVE-2026-25715
9.8

This vulnerability allows network-adjacent attackers to gain full administrative control of affected devices by setting administrator credentials to b...

Feb 20, 2026
CVE-2025-53963
9.8

This vulnerability allows attackers with network access to achieve root-level code execution on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 device...

Dec 4, 2025
CVE-2025-63747
9.8

QaTraq 6.9.2 ships with default administrative credentials that are enabled in fresh installations. This allows attackers who can access the login pag...

Nov 17, 2025
CVE-2025-12552
9.8

CVE-2025-12552 is a critical authentication vulnerability in BLU-IC2 and BLU-IC4 devices where insufficient password policies allow weak or default cr...

Oct 31, 2025
CVE-2025-11200
9.8

This vulnerability allows remote attackers to bypass authentication in MLflow installations due to weak password requirements. Attackers can gain unau...

Oct 29, 2025
CVE-2025-12364
9.8

CVE-2025-12364 is a weak password policy vulnerability affecting BLU-IC2 and BLU-IC4 devices. This allows attackers to easily guess or brute-force pas...

Oct 27, 2025
CVE-2025-28200
9.8

The Victure RX1800 router uses a weak default password derived from the last 8 digits of its MAC address, allowing attackers to easily guess credentia...

May 9, 2025
CVE-2025-25211
9.8

CVE-2025-25211 is a weak password requirements vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) industrial cameras that allows brute-force attacks ...

Mar 31, 2025
CVE-2025-27663
9.8

CVE-2025-27663 is a critical authentication vulnerability in Vasion Print (formerly PrinterLogic) that uses weak password encryption/encoding, potenti...

Mar 5, 2025
CVE-2024-42850
9.8

This vulnerability in Silverpeas allows attackers to bypass password complexity requirements when changing passwords, potentially enabling weak passwo...

Aug 16, 2024
CVE-2023-24049
9.8

CVE-2023-24049 is a privilege escalation vulnerability in Connectize AC21000 G6 routers due to poor credential management. Attackers can exploit this ...

Dec 4, 2023
CVE-2023-29974
9.8

CVE-2023-29974 is a critical authentication vulnerability in pfSense CE 2.6.0 that allows attackers to compromise user accounts due to weak password r...

Nov 8, 2023
CVE-2023-37756
9.8

CVE-2023-37756 allows attackers to brute-force administrator passwords in i-doit IT documentation software due to weak password requirements. This can...

Sep 14, 2023
CVE-2023-31098
9.8

Apache InLong versions 1.1.0 through 1.6.0 have weak password requirements that allow users to set simple passwords. Attackers can easily guess these ...

May 22, 2023
CVE-2023-2106
9.8

CVE-2023-2106 is a critical authentication vulnerability in Calibre-Web that allows attackers to bypass weak password requirements and gain unauthoriz...

Apr 15, 2023
CVE-2022-31211
9.8

Infiray IRAY-A8Z3 thermal cameras have a default blank root password for TELNET, allowing attackers to gain full administrative access. This affects a...

Jul 17, 2022
CVE-2022-1668
9.8

CVE-2022-1668 is a critical authentication vulnerability where weak default root credentials allow remote attackers to gain superuser privileges via S...

Jun 24, 2022
CVE-2022-2098
9.8

CVE-2022-2098 is a critical authentication vulnerability in the Titra time-tracking software that allows attackers to bypass weak password requirement...

Jun 16, 2022
CVE-2022-1775
9.8

CVE-2022-1775 is a critical authentication vulnerability in the truDesk helpdesk software that allows attackers to bypass weak password requirements a...

May 20, 2022
CVE-2021-40520
9.8

Airangel HSMX Gateway devices through version 5.2.04 use weak SSH credentials, allowing attackers to easily guess or brute-force access. This affects ...

Nov 10, 2021
CVE-2021-38462
9.8

The InHand Networks IR615 Router has weak password policy enforcement in versions 2.3.0.r4724 and 2.3.0.r4870, allowing attackers who obtain user cred...

Oct 19, 2021
CVE-2021-41296
9.8

ECOA BAS controllers use weak default administrative credentials that can be easily guessed in remote password attacks, allowing attackers to gain ful...

Sep 30, 2021
CVE-2021-20418
9.8

IBM Security Guardium 11.2 has a weak default password policy that doesn't enforce strong passwords, making user accounts vulnerable to brute-force at...

Aug 11, 2021
CVE-2021-25839
9.8

MintHCM RELEASE 3.0.8 has weak password requirements in its user creation function, allowing attackers to more easily brute-force passwords. This affe...

Apr 26, 2021
CVE-2021-26797
9.8

This critical vulnerability in Hame SD1 Wi-Fi firmware allows attackers to gain administrator access through an open Telnet service with default crede...

Apr 26, 2021
CVE-2020-25153
9.8

This vulnerability allows attackers to compromise MOXA NPort IAW5000A-I/O devices through weak password enforcement in the built-in web service. Affec...

Dec 23, 2020
CVE-2020-29591
9.8

This vulnerability allows remote attackers to gain root access to Docker registry containers by using a blank password for the root user. It affects s...

Dec 11, 2020
CVE-2020-26201
9.8

This vulnerability allows attackers to gain unauthorized administrative or root access to Askey AP5100W Dual-SIG WiFi mesh access points via Telnet or...

Dec 10, 2020
CVE-2019-17444
9.8

This vulnerability allows unauthorized network-based attackers to gain administrative access to Jfrog Artifactory instances by exploiting default pass...

Oct 12, 2020
CVE-2025-55299
9.4

VaulTLS versions before 0.9.1 have a critical authentication bypass vulnerability. Attackers can log into user accounts created through the web UI usi...

Aug 18, 2025
CVE-2024-48845
9.4

This CVE describes weak password reset rules in ABB building automation systems that allow storage of weak passwords, potentially enabling unauthorize...

Dec 5, 2024
CVE-2026-27575
9.1

This vulnerability in Vikunja task management software allows attackers to compromise accounts through weak password policies and maintain persistent ...

Feb 25, 2026
CVE-2021-40333
9.0

This CVE describes a weak password requirements vulnerability in Hitachi Energy FOX61x and XCM20 devices that allows attackers to gain unauthorized ac...

Dec 2, 2021
CVE-2024-25729
8.8

This vulnerability affects Arris SBG6580 devices with predictable default WPA2 passwords, allowing attackers to gain unauthorized network access. The ...

Mar 8, 2024
CVE-2023-4125
8.8

CVE-2023-4125 is a weak password requirements vulnerability in the answerdev/answer software that allows attackers to brute-force user accounts due to...

Aug 3, 2023
CVE-2023-3423
8.8

This CVE describes weak password requirements in the cloudexplorer-lite GitHub repository, allowing attackers to easily guess or brute-force user cred...

Jun 27, 2023
CVE-2022-26117
8.8

This vulnerability in FortiNAC allows authenticated attackers to access MySQL databases via the CLI when configuration files contain empty passwords. ...

Jul 18, 2022
CVE-2025-60954
8.3

Microweber CMS 2.0 has weak password requirements that allow users to set extremely simple passwords during password resets, including single-characte...

Oct 24, 2025
CVE-2025-55034
8.2

The General Industrial Controls Lynx+ Gateway has weak password requirements that allow attackers to brute-force login credentials. This vulnerability...

Nov 15, 2025
CVE-2024-36789
8.1

This vulnerability in Netgear WNR614 routers allows attackers to set passwords that bypass the device's security policy requirements. Attackers could ...

Jun 7, 2024
CVE-2023-37503
8.1

HCL Compass has weak password requirements that allow attackers to easily guess passwords and compromise user accounts. This affects all HCL Compass i...

Oct 19, 2023
CVE-2021-25923
8.1

OpenEMR versions 5.0.0 to 6.0.0.1 have weak password requirements that don't enforce maximum password length. This allows attackers who know the first...

Jun 24, 2021
CVE-2022-39997
8.0

This vulnerability in Teldats Router RS123 and RS123w allows remote attackers to escalate privileges due to weak password requirements. Attackers can ...

Aug 27, 2024
CVE-2025-63800
7.5

This vulnerability allows authenticated users to set their account password to an empty string via the password change endpoint in Open Source Point o...

Nov 18, 2025
CVE-2025-22390
7.5

This vulnerability allows attackers to compromise user accounts through password attacks due to weak password requirements in Optimizely EPiServer CMS...

Jan 4, 2025
CVE-2024-47221
7.5

Rapid SCADA through version 5.8.4 contains an authentication bypass vulnerability in the CheckUser function that allows empty passwords. This enables ...

Sep 22, 2024
CVE-2023-2060
7.5

This vulnerability allows remote attackers to bypass authentication on Mitsubishi Electric industrial control modules via FTP due to weak password req...

Jun 2, 2023
CVE-2023-25072
7.5

CVE-2023-25072 is a vulnerability in SkyBridge MB-A100/110 firmware that allows remote unauthenticated attackers to decrypt the WebUI password due to ...

May 10, 2023
CVE-2022-29729
7.5

This vulnerability affects Verizon 4G LTE Network Extender devices with a weak default admin password generation algorithm. Unauthenticated attackers ...

Jun 2, 2022
CVE-2022-29700
7.5

CVE-2022-29700 is a vulnerability in Zammad v5.1.0 where lack of password length restriction allows attackers to create extremely long passwords, caus...

Apr 27, 2022

About CWE-521 (CWE-521)

Our database tracks 73 CVEs classified as CWE-521, with 33 rated critical and 23 rated high severity. The average CVSS score for CWE-521 vulnerabilities is 8.1.
