Weaknesses of type CWE-1391
50 resultsCVE-2024-51978CRITICALAuthentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.EPSS 23.6%CVE-2025-53558HIGHZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, anEPSS 1.3%CVE-2024-12728CRITICALA weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3)EPSS 0.9%CVE-2024-40892HIGHFirewalla BTLE Weak CredentialsEPSS 0.9%CVE-2024-43659HIGHPlaintext default credentials in firmwareEPSS 0.8%CVE-2025-6077CRITICALCVE-2025-6077EPSS 0.8%CVE-2024-11717MEDIUMTokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sentEPSS 0.6%CVE-2024-45272HIGHMB connect line/Helmholz: Generation of weak passwords vulnerabilityEPSS 0.6%CVE-2026-35089HIGHUse of Weak Credentials in Slican telephone exchangesEPSS 0.6%CVE-2023-48257HIGHThe vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) witEPSS 0.5%CVE-2026-39920CRITICALBridgeHead FileStore < 24A Apache Axis2 Default Credentials RCEEPSS 0.5%CVE-2023-31240HIGHSnap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC EPSS 0.5%CVE-2024-42027MEDIUMThe E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they havEPSS 0.5%CVE-2025-67114CRITICALUse of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware befEPSS 0.5%CVE-2025-52364HIGHInsecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initiEPSS 0.5%CVE-2024-7558HIGHJUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unpriEPSS 0.5%CVE-2022-3010HIGHPredictable SSH credentials in Priva TopControl SuiteEPSS 0.5%CVE-2024-45722HIGHRuijie Reyee OS Use of Weak CredentialsEPSS 0.5%CVE-2024-28066HIGHIn Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).EPSS 0.5%CVE-2026-22910HIGHThe device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized acEPSS 0.4%