The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
50 vulnerabilities with CWE-1391
CVE-2025-22936
MEDIUM
Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router - Info Disclosure
CVSS 5.7
CVE-2024-51978
CRITICAL
Brother/Konica/Toshiba Printers - Default Admin Password Generation
CVSS 9.8
CVE-2024-52331
HIGH
ECOVACS Robot Lawnmowers and Vacuums - Arbitrary Firmware Installation via Deterministic Symmetric Key
CVSS 7.5
CVE-2024-43659
HIGH
Iocharger AC <25010801 - Info Disclosure
CVSS 7.2
CVE-2024-11717
MEDIUM
CTFd < 3.7.4 - Account Takeover via Reusable Activation Token
CVE-2024-12728
CRITICAL
Sophos Firewall <20.0.3 - Privilege Escalation
CVSS 9.8
CVE-2024-45722
HIGH
Ruijie Reyee OS <2.320 - Info Disclosure
CVSS 7.5
CVE-2024-43698
CRITICAL
Kieback & Peter's DDC4000 - Privilege Escalation
CVSS 9.8
CVE-2024-45272
HIGH
Helmholz myREX24 V2 Virtual Server < 2.16.3 - Unauthenticated Brute-Force Attack via Remote Service Portal
CVSS 7.5
CVE-2024-42027
MEDIUM
Rocket.Chat Mobile <4.5.1 - Info Disclosure
CVSS 6.7
CVE-2024-7558
HIGH
Juju < 2.9.51 - Unauthenticated Predictable Authentication Secret via JUJU_CONTEXT_ID
CVSS 8.7
CVE-2024-40892
HIGH
Firewalla Box Software <1.979 - Auth Bypass
CVSS 7.1
CVE-2024-42051
HIGH
Splashtop Streamer <3.6.2.0 - Privilege Escalation
CVSS 7.8
CVE-2024-32759
HIGH
Software House C●CURE 9000 - Auth Bypass
CVE-2024-5634
HIGH
Longse LBH30FE200W - Info Disclosure
CVE-2024-33849
MEDIUM
CI-Out-of-Office Manager <6.0.0.77 - Info Disclosure
CVSS 6.5
CVE-2024-28066
HIGH
Unify CP IP Phone <1.10.4.3 - Info Disclosure
CVSS 8.8
CVE-2024-21865
MEDIUM
HGW BL1500HM <002.001.013 - Info Disclosure
CVSS 6.5
CVE-2024-29071
HIGH
HGW BL1500HM <002.001.013 - Info Disclosure
CVSS 8.8
CVE-2023-48257
HIGH
Bosch nexo-os 1000-1500-sp2 - Authenticated Remote Code Execution via Crafted HTTP Requests
CVSS 7.8
CVE-2023-3470
MEDIUM
F5 BIG-IP - Improper Authentication via Deterministic Crypto User Password
CVSS 6.0
CVE-2023-0635
HIGH
ABB ASPECT-Enterprise, NEXUS & MATRIX Series Firmware 3.0.0-3.07.01 - Privilege Escalation via Weak Credentials
CVSS 7.8
CVE-2023-31240
HIGH
Snap One OvrC Pro <7.2 - Info Disclosure
CVSS 8.3
CVE-2023-28368
MEDIUM
TP-Link L2 switch T2600G-28SQ <V1_1.0.6 Build 20230227 - Open Redirect
CVSS 5.7
CVE-2022-3010
HIGH
Priva TopControl Suite - Info Disclosure
CVSS 7.5