VYPR

CWE-1392

Use of Default Credentials

Base · Incomplete

Description

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

It is common practice for products to be designed to use default keys, passwords, or other mechanisms for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, it is easier for attackers to bypass authentication quickly across multiple organizations.

CVEs mapped to this weakness (57)

  • CVE-2025-54756 · High · Feb 12, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are…

  • CVE-2024-12902 · High · Dec 23, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine…

  • CVE-2026-42941 · High · May 29, 2026
    risk 0.54 · cvss 8.3 · epss 0.00

    The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.

  • CVE-2024-4622 · High · May 15, 2024
    risk 0.54 · cvss · epss 0.00

    If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.

  • CVE-2026-1803 · High · Feb 3, 2026
    risk 0.53 · cvss 8.1 · epss 0.01

    A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high.…

  • CVE-2025-10678 · Critical · Oct 20, 2025
    risk 0.53 · cvss · epss 0.00

    NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default…

  • CVE-2025-5124 · High · May 24, 2025
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is…

  • CVE-2024-10476 · High · Dec 17, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII).…

  • CVE-2026-50005 · High · Jun 11, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds.

  • CVE-2020-36915 · High · Jan 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands…

  • CVE-2024-13893 · High · Mar 6, 2025
    risk 0.49 · cvss · epss 0.00

    Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to…

  • CVE-2024-12013 · High · Feb 13, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could…

  • CVE-2024-54015 · High · Feb 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89…

  • CVE-2024-6245 · High · Oct 28, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords. The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay:…

  • CVE-2024-27158 · High · Jun 14, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-31069 · High · Apr 12, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    IO-1020 Micro ELD web server uses a default password for authentication.

  • CVE-2024-30210 · High · Apr 12, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.

  • CVE-2025-11943 · High · Oct 19, 2025
    risk 0.47 · cvss 7.3 · epss 0.01

    A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to…

  • CVE-2025-2398 · High · Mar 17, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of…

  • CVE-2024-46899 · High · Apr 22, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability. This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF:…