CWE-521
Weak Password Requirements
Description
The product does not require that users should have strong passwords.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-112 · CAPEC-16 · CAPEC-49 · CAPEC-509 · CAPEC-55 · CAPEC-555 · CAPEC-561 · CAPEC-565 · CAPEC-70
CVEs mapped to this weakness (85)
page 1 of 5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25715 | — | Cri | 0.64 | 9.8 | 0.01 | Feb 20, 2026 | The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables … | |
| CVE-2025-30127 | Cri | 0.64 | 9.8 | 0.00 | Aug 6, 2025 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port… | ||
| CVE-2025-25211 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2025 | Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | ||
| CVE-2024-3263 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks.… | ||
| CVE-2018-12925 | Cri | 0.64 | 9.8 | 0.01 | Jun 28, 2018 | Baseon Lantronix MSS devices do not require a password for TELNET access. | ||
| CVE-2017-1601 | Cri | 0.64 | 9.8 | 0.03 | May 2, 2018 | IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624. | ||
| CVE-2018-1372 | Cri | 0.64 | 9.8 | 0.02 | Feb 27, 2018 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | ||
| CVE-2017-3186 | Cri | 0.64 | 9.8 | 0.06 | Dec 16, 2017 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | ||
| CVE-2017-14189 | Cri | 0.64 | 9.8 | 0.03 | Nov 29, 2017 | An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | ||
| CVE-2017-1221 | Cri | 0.64 | 9.8 | 0.02 | Nov 13, 2017 | IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | ||
| CVE-2017-12861 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2017 | The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"… | ||
| CVE-2017-9853 | Cri | 0.64 | 9.8 | 0.02 | Aug 5, 2017 | An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a… | ||
| CVE-2017-7903 | Cri | 0.64 | 9.8 | 0.03 | Jun 30, 2017 | A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series… | ||
| CVE-2017-1196 | Cri | 0.64 | 9.8 | 0.02 | Jun 7, 2017 | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | ||
| CVE-2026-6284 | — | Cri | 0.59 | 9.1 | 0.00 | Apr 17, 2026 | An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible. | |
| CVE-2017-16727 | Cri | 0.59 | 9.1 | 0.02 | Dec 22, 2017 | A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to… | ||
| CVE-2026-41038 | Hig | 0.57 | 8.8 | 0.00 | Apr 21, 2026 | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user… | ||
| CVE-2025-34058 | Hig | 0.57 | — | 0.01 | Jul 1, 2025 | Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the… | ||
| CVE-2024-25729 | Hig | 0.57 | 8.8 | 0.00 | Mar 8, 2024 | Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.) | ||
| CVE-2018-15748 | Hig | 0.57 | 8.8 | 0.01 | Aug 23, 2018 | On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the… |
- risk 0.64cvss 9.8epss 0.01
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables …
- risk 0.64cvss 9.8epss 0.00
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port…
- risk 0.64cvss 9.8epss 0.01
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
- risk 0.64cvss 9.8epss 0.01
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks.…
- risk 0.64cvss 9.8epss 0.01
Baseon Lantronix MSS devices do not require a password for TELNET access.
- risk 0.64cvss 9.8epss 0.03
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.
- risk 0.64cvss 9.8epss 0.02
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.
- risk 0.64cvss 9.8epss 0.06
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
- risk 0.64cvss 9.8epss 0.03
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.
- risk 0.64cvss 9.8epss 0.02
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
- risk 0.64cvss 9.8epss 0.03
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a…
- risk 0.64cvss 9.8epss 0.03
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…
- risk 0.64cvss 9.8epss 0.02
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.
- risk 0.59cvss 9.1epss 0.00
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
- risk 0.59cvss 9.1epss 0.02
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to…
- risk 0.57cvss 8.8epss 0.00
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user…
- risk 0.57cvss —epss 0.01
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the…
- risk 0.57cvss 8.8epss 0.00
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
- risk 0.57cvss 8.8epss 0.01
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the…