Skip to main content

CWE-1391

Use of Weak Credentials

41 CVEs Avg CVSS 7.5 MITRE
10
CRITICAL
16
HIGH
11
MEDIUM
3
LOW
3
POC
0
KEV

Monthly

CVE-2026-57473 MEDIUM PATCH This Month

Credential brute-force exposure in Reolink Home Hub (versions prior to v3.3.0.456_26031911) enables adjacent-network attackers to crack authentication credentials used between the Hub and its associated cameras. The netclient and factory services transmit or store credentials in a manner susceptible to brute-force attack, allowing an adversary on the same local network to intercept Hub-to-camera traffic and recover camera credentials. No public exploit or CISA KEV listing is present at time of analysis; however, the CVSS 4.0 subsequent-system impact is rated High across confidentiality, integrity, and availability, reflecting full camera compromise potential once credentials are cracked.

Information Disclosure Home Hub
NVD VulDB
CVSS 4.0
5.8
EPSS
0.1%
CVE-2026-47325 MEDIUM This Month

Predictable credential generation in ProjectsAndPrograms school-management-system allows unauthenticated remote attackers to derive valid account passwords for any student or teacher whose date of birth is known or guessable. Passwords are constructed deterministically from the user's date of birth alone (e.g., 12072000 for 12 July 2000), and the application never prompts users to change this default credential, leaving accounts permanently exposed. CVSS 4.0 rates this 6.9 with a fully network-accessible, no-authentication attack vector; no public exploit code has been identified at time of analysis, but the trivial exploitation logic requires no tooling.

Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4377 MEDIUM PATCH This Month

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network attackers who can derive the device password from its IMEI number. All devices running firmware prior to 1.00B16CP are affected when users have not changed the factory-set password - a common real-world condition for consumer-grade routers. An attacker with knowledge of the IMEI-to-password derivation algorithm and physical or logical access to the IMEI (e.g., from the device label) can authenticate to the router admin interface without prior credentials. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure D-Link
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-35089 HIGH PATCH This Week

Predictable secure-key generation in Slican telephone exchanges (IPx, CCT-1668, MAC-6400, and CXS-0424 series) lets a remote unauthenticated attacker reconstruct the device's secure key from exchange properties that are readable without credentials, then derive administrator credentials. The flaw is network-reachable with low attack complexity and no authentication (CVSS 4.0 base 8.7), and while fixed firmware is available for supported lines, discontinued 4.xx and earlier units remain permanently exposed. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-8076 CRITICAL PATCH Act Now

Brute-force authentication bypass in CashDro 3 web administration panel 24.01.00.26 enables remote unauthenticated attackers to gain full administrative access. The system accepts numeric PINs without account lockout mechanisms, a legacy design from 2012 POS integrations. Successful exploitation grants access to confidential configuration settings with high impact to confidentiality and integrity (CVSS 9.3). No public exploit identified at time of analysis, though exploitation is trivial given the vulnerability class. Patch available per vendor advisory from INCIBE.

Authentication Bypass Cashdro 3 Administration Panel
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-23853 HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-67114 CRITICAL Act Now

Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the...

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22886 CRITICAL Act Now

Default admin credentials in OpenMQ message broker. Shipped with known default admin password.

Information Disclosure Openmq
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-24449 MEDIUM This Month

WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative passwords can be predicted from publicly available system information, potentially allowing unauthenticated attackers to gain administrative access. The vulnerability requires physical proximity to the device to obtain necessary system details, limiting its practical exploitability. No patch is currently available for affected devices.

Information Disclosure Wrc X1500Gsa B Firmware Wrc X1500Gs B Firmware
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-59103 Monitor

with the restriction that the password is only randomized if the configured date versions up to 2022. contains a security vulnerability.

Linux Windows SSH
NVD
EPSS
0.1%
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Credential brute-force exposure in Reolink Home Hub (versions prior to v3.3.0.456_26031911) enables adjacent-network attackers to crack authentication credentials used between the Hub and its associated cameras. The netclient and factory services transmit or store credentials in a manner susceptible to brute-force attack, allowing an adversary on the same local network to intercept Hub-to-camera traffic and recover camera credentials. No public exploit or CISA KEV listing is present at time of analysis; however, the CVSS 4.0 subsequent-system impact is rated High across confidentiality, integrity, and availability, reflecting full camera compromise potential once credentials are cracked.

Information Disclosure Home Hub
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Predictable credential generation in ProjectsAndPrograms school-management-system allows unauthenticated remote attackers to derive valid account passwords for any student or teacher whose date of birth is known or guessable. Passwords are constructed deterministically from the user's date of birth alone (e.g., 12072000 for 12 July 2000), and the application never prompts users to change this default credential, leaving accounts permanently exposed. CVSS 4.0 rates this 6.9 with a fully network-accessible, no-authentication attack vector; no public exploit code has been identified at time of analysis, but the trivial exploitation logic requires no tooling.

Authentication Bypass
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Weak default credential generation in the D-Link DWR-X1820 router exposes administrative access to adjacent-network attackers who can derive the device password from its IMEI number. All devices running firmware prior to 1.00B16CP are affected when users have not changed the factory-set password - a common real-world condition for consumer-grade routers. An attacker with knowledge of the IMEI-to-password derivation algorithm and physical or logical access to the IMEI (e.g., from the device label) can authenticate to the router admin interface without prior credentials. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure D-Link
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Predictable secure-key generation in Slican telephone exchanges (IPx, CCT-1668, MAC-6400, and CXS-0424 series) lets a remote unauthenticated attacker reconstruct the device's secure key from exchange properties that are readable without credentials, then derive administrator credentials. The flaw is network-reachable with low attack complexity and no authentication (CVSS 4.0 base 8.7), and while fixed firmware is available for supported lines, discontinued 4.xx and earlier units remain permanently exposed. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Brute-force authentication bypass in CashDro 3 web administration panel 24.01.00.26 enables remote unauthenticated attackers to gain full administrative access. The system accepts numeric PINs without account lockout mechanisms, a legacy design from 2012 POS integrations. Successful exploitation grants access to confidential configuration settings with high impact to confidentiality and integrity (CVSS 9.3). No public exploit identified at time of analysis, though exploitation is trivial given the vulnerability class. Patch available per vendor advisory from INCIBE.

Authentication Bypass Cashdro 3 Administration Panel
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local attackers can gain full system access to Dell PowerProtect Data Domain storage systems without authentication due to weak default credentials in DD OS versions 7.7.1.0-8.5, 8.3.1.0-8.3.1.20, and 7.13.1.0-7.13.1.50. The vulnerability allows complete system compromise (CVSS 8.4) with high confidentiality, integrity, and availability impact despite requiring local access. No active exploitation confirmed (EPSS 0.01%, not in CISA KEV), and Dell has released patches across all affected release branches. SSVC framework rates this as total technical impact but non-automatable and not currently exploited.

Authentication Bypass Dell
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the...

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Default admin credentials in OpenMQ message broker. Shipped with known default admin password.

Information Disclosure Openmq
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative passwords can be predicted from publicly available system information, potentially allowing unauthenticated attackers to gain administrative access. The vulnerability requires physical proximity to the device to obtain necessary system details, limiting its practical exploitability. No patch is currently available for affected devices.

Information Disclosure Wrc X1500Gsa B Firmware Wrc X1500Gs B Firmware
NVD
EPSS 0%
Monitor

with the restriction that the password is only randomized if the configured date versions up to 2022. contains a security vulnerability.

Linux Windows SSH
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy