High
CVE-2026-9844
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digita…
Tag: Default Credentials
All CVEs associated with "Default Credentials". Page 1/5 • 518 CVEs.
Subscribe CVEs: RSS for “Default Credentials” · RSS (High+Critical only)
About “Default Credentials”
A curated feed of “Default Credentials”-related CVEs appears below. We currently track 518 CVEs for this tag (all time). In the last 365 days, 100 were published. Average CVSS is 8.4 (all time; 8.0 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1392 - Use of Default Credentials, CWE-798 - Use of Hard-coded Credentials, CWE-1393 - Use of Default Password.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-06-02
2026-06-01
High
CVE-2026-44825
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access…
2026-05-28
Medium
CVE-2026-4377
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the defaul…
2026-05-27
High
CVE-2026-7365
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
2026-05-26
Medium
CVE-2025-36221
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the inst…
2026-05-22
Medium
CVE-2026-8672
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.
2026-05-18
Low
CVE-2026-8803
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation cau…
2026-05-13
High
CVE-2020-37220
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer…
2026-05-12
Critical
CVE-2026-7428
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited…
2026-04-24
Critical
CVE-2026-39920
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated…
High
CVE-2026-39462
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device…
2026-04-10
Critical
CVE-2026-33707
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no…
2026-04-09
Critical
CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control…
2026-03-23
Critical
CVE-2026-4404
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
2026-03-11
Critical
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In prac…
2026-03-06
High
CVE-2026-28713
Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (V…
2026-03-03
Critical
CVE-2026-22886
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforc…
2026-02-27
Critical
CVE-2026-27751
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attack…
2026-02-25
Medium
CVE-2026-3186
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the compo…
2026-02-24
Critical
CVE-2026-26341
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker w…
High
CVE-2025-13776
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to rea…
2026-02-20
Critical
CVE-2026-2635
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not requ…
2026-02-18
Critical
CVE-2025-70998
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a craf…
2026-02-15
Critical
CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. U…
2026-02-12
Critical
CVE-2026-26218
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset…
High
CVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest rele…
2026-02-06
Critical
CVE-2026-25803
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first…
Critical
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. Th…
Medium
CVE-2026-1972
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default…
2026-02-03
High
CVE-2026-1803
A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploi…
2026-01-28
High
CVE-2025-7740
Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.
2026-01-27
Critical
CVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application
2026-01-26
Critical
CVE-2026-24429
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during…
Medium
CVE-2025-59102
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MI…
Medium
CVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored u…
2026-01-23
High
CVE-2026-22273
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote acces…
2026-01-20
High
CVE-2025-58744
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials d…
2026-01-16
Critical
CVE-2021-47796
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default…
2026-01-15
High
CVE-2026-22910
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the s…
2026-01-08
High
CVE-2019-25289
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit t…
2026-01-06
High
CVE-2020-36915
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can explo…
High
CVE-2020-36910
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with def…
2025-12-30
Critical
CVE-2025-15111
Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default…
Critical
CVE-2022-50803
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
2025-12-24
High
CVE-2018-25147
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized roo…
2025-12-22
Critical
CVE-2025-67418
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log…
2025-12-18
Critical
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuratio…
2025-12-10
Medium
CVE-2025-67513
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 dig…
Critical
CVE-2025-13955
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default pa…
2025-12-04
Critical
CVE-2025-54303
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to d…
Critical
CVE-2025-53963
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmi…
2025-11-12
Critical
CVE-2025-63353
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default password…
2025-10-25
Critical
CVE-2025-12218
Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
2025-10-22
High
CVE-2025-41719
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and t…
2025-10-20
Critical
CVE-2025-10678
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's pro…
2025-10-19
High
CVE-2025-11943
A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default cred…
2025-10-16
Critical
CVE-2025-34516
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to servi…
2025-09-29
Critical
CVE-2025-34223
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installa…
Medium
CVE-2025-57428
Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-l…
2025-09-25
High
CVE-2025-10957
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP conne…
2025-09-18
High
CVE-2025-57295
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses t…
2025-09-17
Critical
CVE-2025-8077
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account. If this password is not changed immediat…
2025-09-12
High
CVE-2025-57579
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password
High
CVE-2025-57578
An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password
High
CVE-2025-57577
An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt u…
2025-09-09
Critical
CVE-2025-55051
CWE-1392: Use of Default Credentials
2025-08-31
Low
CVE-2025-9725
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard…
2025-08-30
High
CVE-2012-10062
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service,…
2025-08-28
Low
CVE-2025-9589
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack…
Low
CVE-2025-9577
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulat…
Low
CVE-2025-9576
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of…
2025-08-26
High
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials coul…
2025-08-25
Medium
CVE-2025-29525
DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.
Medium
CVE-2025-29521
Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.
2025-08-20
Medium
CVE-2025-57789
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before a…
2025-08-19
Medium
CVE-2025-55740
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affec…
2025-08-17
High
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These cred…
2025-08-13
High
CVE-2012-10056
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ direct…
Medium
CVE-2025-2184
A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default cr…
2025-08-08
High
CVE-2012-10042
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated u…
Critical
CVE-2025-8731
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default creden…
2025-08-06
High
CVE-2025-7769
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handlin…
2025-08-04
Medium
CVE-2025-8530
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\co…
2025-08-01
High
CVE-2013-10059
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to san…
2025-07-28
Critical
CVE-2025-30125
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users w…
Critical
CVE-2025-30133
An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP serv…
2025-07-25
Critical
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in…
2025-07-22
Medium
CVE-2025-43021
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has a…
High
CVE-2025-54137
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts…
2025-07-20
Medium
CVE-2025-7907
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml o…
2025-07-16
Medium
CVE-2025-53758
This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by e…
2025-07-11
Critical
CVE-2025-7503
An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and…
2025-07-01
High
CVE-2025-34058
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credential…
Medium
CVE-2025-6951
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default cred…
2025-06-23
High
CVE-2025-6529
A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use…
2025-06-19
Critical
CVE-2025-24288
The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same…
2025-06-12
High
CVE-2025-5484
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default passwor…
2025-06-10
Critical
CVE-2025-40585
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR com…
High
CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the a…
2025-06-06
High
CVE-2025-2766
70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authenti…
2025-06-02
Medium
CVE-2024-40113
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
2025-05-30
Medium
CVE-2025-4633
Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal
2025-05-24
High
CVE-2025-5124
A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Adminis…
Critical
CVE-2025-5058
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and inc…
Critical
CVE-2025-4603
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to,…
Medium
CVE-2025-4602
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible…
High
CVE-2025-4336
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and incl…
2025-05-13
High
CVE-2025-22460
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
2025-05-09
Critical
CVE-2025-28200
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
2025-04-10
Critical
CVE-2025-27690
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability…
2025-03-31
Critical
CVE-2025-22938
Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.
2025-03-28
Medium
CVE-2025-2921
A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of defa…
2025-03-25
High
CVE-2025-30118
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper mul…
2025-03-18
Critical
CVE-2025-30139
An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any n…
Critical
CVE-2025-30122
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.
Critical
CVE-2025-30115
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by…
High
CVE-2025-30106
On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to…
2025-03-17
High
CVE-2025-2398
A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown process…
High
CVE-2024-49559
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially…
2025-03-16
Medium
CVE-2025-2347
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the…