Skip to main content

Virtual Lightweight Collector

1 CVEs product

Monthly

CVE-2026-33784 CRITICAL PATCH Act Now

Full device takeover in Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) before 3.0.94 via hardcoded default credentials. The vLWC software ships with an unchangeable initial password for a high-privileged account with no enforced password change during provisioning, enabling unauthenticated remote attackers to gain complete system control. CVSS v4.0 score 9.3 (Critical). No public exploit identified at time of analysis.

Authentication Bypass Juniper Virtual Lightweight Collector
NVD
CVSS 4.0
9.3
EPSS
0.0%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Full device takeover in Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) before 3.0.94 via hardcoded default credentials. The vLWC software ships with an unchangeable initial password for a high-privileged account with no enforced password change during provisioning, enabling unauthenticated remote attackers to gain complete system control. CVSS v4.0 score 9.3 (Critical). No public exploit identified at time of analysis.

Authentication Bypass Juniper Virtual Lightweight Collector
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy