CWE-1392
AllowedUse of Default Credentials
Abstraction: Base · Status: Incomplete
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
191 vulnerabilities reference this CWE, most recent first.
GHSA-R64V-2M5C-FMX7
Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
{
"affected": [],
"aliases": [
"CVE-2018-25147"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T20:15:49Z",
"severity": "CRITICAL"
},
"details": "Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.",
"id": "GHSA-r64v-2m5c-fmx7",
"modified": "2025-12-24T21:30:32Z",
"published": "2025-12-24T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25147"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45040"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php"
},
{
"type": "WEB",
"url": "http://www.microhardcorp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R73J-M9R2-MWV8
Vulnerability from github – Published: 2024-04-15 00:30 – Updated: 2024-04-15 00:30Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
{
"affected": [],
"aliases": [
"CVE-2024-29844"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-15T00:15:14Z",
"severity": "HIGH"
},
"details": "Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.",
"id": "GHSA-r73j-m9r2-mwv8",
"modified": "2024-04-15T00:30:40Z",
"published": "2024-04-15T00:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29844"
},
{
"type": "WEB",
"url": "https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RRQ3-36Q9-C259
Vulnerability from github – Published: 2025-01-23 21:31 – Updated: 2025-01-23 21:31Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
{
"affected": [],
"aliases": [
"CVE-2025-23012"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-23T21:15:15Z",
"severity": "HIGH"
},
"details": "Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).",
"id": "GHSA-rrq3-36q9-c259",
"modified": "2025-01-23T21:31:52Z",
"published": "2025-01-23T21:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23012"
},
{
"type": "WEB",
"url": "https://github.com/fcrepo-exts/migration-utils"
},
{
"type": "WEB",
"url": "https://github.com/fcrepo/fcrepo/releases"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-021-01.json"
},
{
"type": "WEB",
"url": "https://wiki.lyrasis.org/display/FEDORA38/XACML+Policy+Enforcement#XACMLPolicyEnforcement-4.1fedora-usersattributes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RXCP-3VRP-9452
Vulnerability from github – Published: 2025-07-03 12:34 – Updated: 2025-07-03 12:34Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.
{
"affected": [],
"aliases": [
"CVE-2025-1711"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T12:15:22Z",
"severity": "MODERATE"
},
"details": "Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.",
"id": "GHSA-rxcp-3vrp-9452",
"modified": "2025-07-03T12:34:57Z",
"published": "2025-07-03T12:34:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1711"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.endress.com"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V6PG-R53J-46R2
Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 18:31Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.
{
"affected": [],
"aliases": [
"CVE-2025-29521"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-25T15:15:38Z",
"severity": "MODERATE"
},
"details": "Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.",
"id": "GHSA-v6pg-r53j-46r2",
"modified": "2025-08-26T18:31:15Z",
"published": "2025-08-26T00:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29521"
},
{
"type": "WEB",
"url": "https://gist.github.com/stevenyu113228/73f06459df5ac3257ff451e382497832"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCHQ-5HMX-6HMP
Vulnerability from github – Published: 2023-10-10 15:30 – Updated: 2025-02-13 18:31All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
{
"affected": [],
"aliases": [
"CVE-2023-30801"
],
"database_specific": {
"cwe_ids": [
"CWE-1392",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T14:15:10Z",
"severity": "CRITICAL"
},
"details": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.",
"id": "GHSA-vchq-5hmx-6hmp",
"modified": "2025-02-13T18:31:55Z",
"published": "2023-10-10T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30801"
},
{
"type": "WEB",
"url": "https://github.com/qbittorrent/qBittorrent/issues/18731"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/qbittorrent-default-creds"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VF6R-C2JR-9WJQ
Vulnerability from github – Published: 2026-03-11 06:31 – Updated: 2026-03-11 06:31netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.
{
"affected": [],
"aliases": [
"CVE-2023-27573"
],
"database_specific": {
"cwe_ids": [
"CWE-1392",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T06:17:11Z",
"severity": "CRITICAL"
},
"details": "netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.",
"id": "GHSA-vf6r-c2jr-9wjq",
"modified": "2026-03-11T06:31:41Z",
"published": "2026-03-11T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27573"
},
{
"type": "WEB",
"url": "https://github.com/netbox-community/netbox-docker/issues/953"
},
{
"type": "WEB",
"url": "https://github.com/netbox-community/netbox-docker/pull/959"
},
{
"type": "WEB",
"url": "https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VH9F-GM3F-X483
Vulnerability from github – Published: 2024-07-18 18:31 – Updated: 2024-07-18 18:31Philips Vue PACS uses default credentials for potentially critical functionality.
{
"affected": [],
"aliases": [
"CVE-2023-40704"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-18T17:15:03Z",
"severity": "HIGH"
},
"details": "Philips Vue PACS uses default credentials for potentially critical functionality.",
"id": "GHSA-vh9f-gm3f-x483",
"modified": "2024-07-18T18:31:43Z",
"published": "2024-07-18T18:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40704"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
},
{
"type": "WEB",
"url": "http://www.philips.com/productsecurity"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VPPR-7254-JPR7
Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2024-10-14 06:30Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
{
"affected": [],
"aliases": [
"CVE-2023-30603"
],
"database_specific": {
"cwe_ids": [
"CWE-1392",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T11:15:10Z",
"severity": "CRITICAL"
},
"details": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service.",
"id": "GHSA-vppr-7254-jpr7",
"modified": "2024-10-14T06:30:42Z",
"published": "2023-07-06T21:15:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30603"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW2Q-8FMV-FJ4F
Vulnerability from github – Published: 2025-08-27 00:31 – Updated: 2025-08-27 00:31Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
{
"affected": [],
"aliases": [
"CVE-2025-35114"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T23:15:35Z",
"severity": "HIGH"
},
"details": "Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.",
"id": "GHSA-vw2q-8fmv-fj4f",
"modified": "2025-08-27T00:31:16Z",
"published": "2025-08-27T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35114"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json"
},
{
"type": "WEB",
"url": "https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35114"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Force the administrator to change the credential upon installation.
Mitigation
The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.