CWE-1392

102 CVEs classified under CWE-1392. Browse by severity and year.

Top CVEs for CWE-1392
CVESeverityScorePublishedSummary
CVE-2025-55051Critical10.02025-09-09CWE-1392: Use of Default Credentials
CVE-2023-3703Critical10.02023-09-03 Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
CVE-2026-46386Critical9.92026-06-26OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERW…
CVE-2026-45039Critical9.82026-05-28RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 sig…
CVE-2026-44159Critical9.82026-05-19Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has…
CVE-2026-42072Critical9.82026-05-08Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, th…
CVE-2026-22886Critical9.82026-03-03OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative ac…
CVE-2026-27751Critical9.82026-02-27SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative ac…
CVE-2026-26341Critical9.82026-02-24Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during inst…
CVE-2026-26366Critical9.82026-02-15eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without…
CVE-2022-50803Critical9.82025-12-30JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
CVE-2025-54303Critical9.82025-12-04The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user…
CVE-2025-34516Critical9.82025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain rem…
CVE-2025-10542Critical9.82025-09-25iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrato…
CVE-2025-35042Critical9.82025-09-22Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change…
CVE-2025-35452Critical9.82025-09-05PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
CVE-2025-8731Critical9.82025-08-08A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The man…
CVE-2025-51536Critical9.82025-08-04Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.
CVE-2025-30139Critical9.82025-03-18An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials t…
CVE-2024-12286Critical9.82024-12-10MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.