Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-1392:Use of Default Credentials
Weakness ID:1392
Version:v4.17
Weakness Name:Use of Default Credentials
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Incomplete
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
58Vulnerabilities found
CVE-2024-29844
Assigner-DirectCyber
ShareView Details
Assigner-DirectCyber
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-25 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-1392
Use of Default Credentials
CVE-2024-31069
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:18
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IOSIX IO-1020 Micro ELD Use of Default Credentials

IO-1020 Micro ELD web server uses a default password for authentication.

Action-Not Available
Vendor-IOSiX
Product-IO-1020 Micro ELD
CWE ID-CWE-1392
Use of Default Credentials
CVE-2024-30210
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.4||HIGH
EPSS-0.10% / 29.10%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:16
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IOSIX IO-1020 Micro ELD Use of Default Credentials

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.

Action-Not Available
Vendor-IOSiX
Product-IO-1020 Micro ELD
CWE ID-CWE-1392
Use of Default Credentials
CVE-2024-28093
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.74%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 00:00
Updated-28 Oct, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.

Action-Not Available
Vendor-n/aAdtran, Inc
Product-n/anetvanta_3120_firmware
CWE ID-CWE-1392
Use of Default Credentials
CVE-2023-49621
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.38%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-1392
Use of Default Credentials
CVE-2023-30801
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.23%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 13:46
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
qBittorrent Web UI Default Credentials Lead to RCE

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.

Action-Not Available
Vendor-qbittorrentqBittorrent
Product-qbittorrentqBittorrent client
CWE ID-CWE-1392
Use of Default Credentials
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-3703
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-10||CRITICAL
EPSS-0.08% / 23.50%
||
7 Day CHG~0.00%
Published-03 Sep, 2023 | 14:19
Updated-30 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Proscend Advice ICR Series routers fw version 1.76

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

Action-Not Available
Vendor-proscendProscend Adviceproscend
Product-a510-f1m360-pm350-6m350-w6_firmwarem301-g_firmwarem560-5g_firmwarem350-6_firmwarem330-wa520i-f1_firmwarem357-5gm331_firmwarem350-5g_firmwarem330-w5m301-gm357-ai_firmwarem301-gwm357-5g_firmwarem331m301-gw_firmwarea551i-f1a551i-f1_firmwarea510-l1_firmwarea543i-l1_firmwarem350-5gm330-w5_firmwarem560-5ga520i-f1a552i-f1_firmwarea552i-f1m357-aia551i-f4m350-w5g_firmwarea551i-f4_firmwarem350-w5gm330-w_firmwarea510-l1m360-p_firmwarem350-w6a510-f1_firmwarea543i-l1ICR Series routers FWicr_series_routers_fw
CWE ID-CWE-1392
Use of Default Credentials
CVE-2023-30603
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 73.99%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hitron Technologies Inc. CODA-5310 - Using default credentials

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.

Action-Not Available
Vendor-hitrontechHitron Technologies Inc.
Product-coda-5310_firmwarecoda-5310Hitron CODA-5310
CWE ID-CWE-1392
Use of Default Credentials
  • Previous
  • 1
  • 2
  • Next