CWE-1188
Initialization of a Resource with an Insecure Default
Description
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (144)
page 1 of 8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61481 | Cri | 0.65 | 10.0 | 0.00 | Oct 27, 2025 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials. | ||
| CVE-2025-41672 | — | Cri | 0.65 | 10.0 | 0.00 | Jul 7, 2025 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. | |
| CVE-2017-7964 | Cri | 0.65 | 10.0 | 0.03 | Apr 19, 2017 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | ||
| CVE-2017-5178 | Cri | 0.65 | 9.8 | 0.14 | Mar 8, 2017 | An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with… | ||
| CVE-2026-39920 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to… | ||
| CVE-2026-28205 | Cri | 0.64 | 9.8 | 0.00 | Apr 9, 2026 | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. | ||
| CVE-2025-62877 | — | Cri | 0.64 | 9.8 | 0.00 | Jan 8, 2026 | Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if… | |
| CVE-2025-24288 | Cri | 0.64 | 9.8 | 0.00 | Jun 19, 2025 | The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the… | ||
| CVE-2025-41438 | Cri | 0.64 | 9.8 | 0.01 | May 30, 2025 | The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions… | ||
| CVE-2025-1863 | Cri | 0.64 | 9.8 | 0.01 | Apr 18, 2025 | Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all… | ||
| CVE-2025-1960 | Cri | 0.64 | 9.8 | 0.01 | Mar 12, 2025 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly… | ||
| CVE-2024-28815 | Cri | 0.64 | 9.8 | 0.01 | Mar 27, 2024 | A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system. | ||
| CVE-2018-15350 | Cri | 0.64 | 9.8 | 0.05 | Aug 17, 2018 | Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | ||
| CVE-2018-10968 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2018 | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | ||
| CVE-2018-10251 | Cri | 0.64 | 9.8 | 0.04 | May 4, 2018 | A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full… | ||
| CVE-2018-3591 | Cri | 0.64 | 9.8 | 0.01 | Apr 11, 2018 | In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845,… | ||
| CVE-2018-5770 | Cri | 0.64 | 9.8 | 0.03 | Mar 20, 2018 | An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts,… | ||
| CVE-2018-0130 | Cri | 0.64 | 9.8 | 0.02 | Feb 22, 2018 | A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static… | ||
| CVE-2017-12739 | Cri | 0.64 | 9.8 | 0.06 | Nov 15, 2017 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code… | ||
| CVE-2017-8021 | Cri | 0.64 | 9.8 | 0.02 | Oct 3, 2017 | EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. |
- risk 0.65cvss 10.0epss 0.00
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.
- risk 0.65cvss 10.0epss 0.00
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
- risk 0.65cvss 10.0epss 0.03
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
- risk 0.65cvss 9.8epss 0.14
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with…
- risk 0.64cvss 9.8epss 0.01
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to…
- risk 0.64cvss 9.8epss 0.00
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
- risk 0.64cvss 9.8epss 0.00
Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if…
- risk 0.64cvss 9.8epss 0.00
The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the…
- risk 0.64cvss 9.8epss 0.01
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions…
- risk 0.64cvss 9.8epss 0.01
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all…
- risk 0.64cvss 9.8epss 0.01
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly…
- risk 0.64cvss 9.8epss 0.01
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.
- risk 0.64cvss 9.8epss 0.05
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
- risk 0.64cvss 9.8epss 0.02
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.
- risk 0.64cvss 9.8epss 0.04
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full…
- risk 0.64cvss 9.8epss 0.01
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845,…
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts,…
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code…
- risk 0.64cvss 9.8epss 0.02
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.