CVEs classified under CWE-1391, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2025-67114 — CVSS 9.8 (critical): Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware…
CVE-2026-22886 — CVSS 9.8 (critical): OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a…
CVE-2025-30519 — CVSS 9.8 (critical): Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative…
CVE-2025-6077 — CVSS 9.8 (critical): Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the…
CVE-2024-51978 — CVSS 9.8 (critical): An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An…
CVE-2024-12728 — CVSS 9.8 (critical): A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3…
CVE-2024-43698 — CVSS 9.8 (critical): Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.
CVE-2026-8076: Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user…
CVE-2025-59103: The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new…
CVE-2025-53558 — CVSS 8.8 (high): ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential…
CVE-2024-29071 — CVSS 8.8 (high): HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change…
CVE-2026-35089: In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be…
CVE-2024-5634: Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern…
CVE-2026-23853 — CVSS 8.4 (high): Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release…
CVE-2023-31240 — CVSS 8.3 (high): Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC…
CVE-2024-42051 — CVSS 7.8 (high): The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A…
CVE-2023-0635 — CVSS 7.8 (high): Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021…
CVE-2025-6523 — CVSS 7.7 (high): Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass…
CVE-2025-2229 — CVSS 7.7 (high): A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
CVE-2024-32759: Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.
CVE-2026-22910 — CVSS 7.5 (high): The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized…
CVE-2025-59460 — CVSS 7.5 (high): The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting…
CVE-2025-35970 — CVSS 7.5 (high): On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information…
CVE-2025-52364 — CVSS 7.5 (high): Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the…
CVE-2024-45722 — CVSS 7.5 (high): Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily…
CVE-2024-45272 — CVSS 7.5 (high): An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of…
CVE-2025-6737 — CVSS 7.2 (high): Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious…
CVE-2024-40892 — CVSS 7.1 (high): A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close…
CVE-2026-47325: ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the…
CVE-2024-42027 — CVSS 6.7 (medium): The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they…
CVE-2024-21865 — CVSS 6.5 (medium): HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect…
CVE-2026-4377: Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who…
CVE-2026-57473: A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the…
CVE-2025-22936 — CVSS 5.7 (medium): An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain…
CVE-2025-4057 — CVSS 5.5 (medium): A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR…
CVE-2025-55584 — CVSS 5.3 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVE-2026-24449 — CVSS 4.6 (medium): For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
CVE-2025-32471 — CVSS 3.7 (low): The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.
CVE-2025-1081 — CVSS 3.1 (low): A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown…