Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Weaknesses (CWE)
CWE-1392

CWE-1392: Use of Default Credentials

Base weakness

Incomplete

CWE-1392: Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

Last updated May 1, 2026

93

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

It is common practice for products to be designed to use default keys, passwords, or other mechanisms for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, it is easier for attackers to bypass authentication quickly across multiple organizations.

Real-world CVEs

93 recorded CVEs are caused by CWE-1392 (Use of Default Credentials). The highest-severity and most recent are shown first. 22 new CWE-1392 CVEs have been recorded so far in 2026 (45 in 2025).

CVE-2025-12218
Weak Default Credentials
Critical · CVSS 10.0
2025-10-25
CVE-2025-55051
Critical · CVSS 10.0
2025-09-09
CVE-2023-3703
Proscend Advice ICR Series routers fw version 1.76
Critical · CVSS 10.0
2023-09-03

On this page

Overview
Real-world CVEs
Common consequences
How it happens
How to prevent it
Code examples
Illustrative examples
Related weaknesses
FAQ
References

RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation

Critical · CVSS 9.8

Tyler Identity Local (TID-L) default administrative credentials

Critical · CVSS 9.8

Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access

Critical · CVSS 9.8

Critical · CVSS 9.8

SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials

Critical · CVSS 9.8

JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

Critical · CVSS 9.8

JM-DATA ONU JF511-TV 1.0.67 Default Credentials Vulnerability

Critical · CVSS 9.8

Critical · CVSS 9.8

Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM

Critical · CVSS 9.8

Showing 12 of 93 recorded CWE-1392 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-1392 vulnerabilities

Common consequences

What can happen when CWE-1392 is exploited.

Gain Privileges or Assume Identity

Affects: Authentication

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Applies to

Technologies

ICS/OT

How to prevent it

Practical mitigations for CWE-1392, grouped by where in the lifecycle they apply.

Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Effectiveness: High

Architecture and Design

Force the administrator to change the credential upon installation.

Effectiveness: High

Installation

Operation

The product administrator could change the defaults upon installation or during operation.

Effectiveness: Moderate

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.

At least one OT product used default credentials.

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2022-30270 — Remote Terminal Unit (RTU) uses default credentials for some SSH accounts
CVE-2021-41192 — data visualization/sharing package uses default secret keys or cookie values if they are not specified in environment variables
CVE-2021-38759 — microcontroller board has default password, allowing admin access
CVE-2018-3825 — cloud cluster management product has a default master encryption key
CVE-2010-2306 — Intrusion Detection System (IDS) uses the same static, private SSL keys for multiple devices and installations, allowing decryption of SSL traffic

Related weaknesses

How this weakness relates to others in the CWE hierarchy.

Parent

CWE-1391: Use of Weak Credentials

Child

CWE-1393: Use of Default Password
CWE-1394: Use of Default Cryptographic Key

Frequently asked questions

Common questions about CWE-1392.

What is CWE-1392?

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

What CVEs are caused by CWE-1392?

93 recorded CVEs are attributed to CWE-1392, including CVE-2025-12218, CVE-2025-55051, CVE-2023-3703.

How do you prevent CWE-1392?

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

What are the consequences of CWE-1392?

Exploiting CWE-1392 can lead to: Gain Privileges or Assume Identity.

Is CWE-1392 actively exploited?

93 recorded CVEs are caused by CWE-1392; none are currently in CISA's KEV catalog of actively exploited flaws.

References

MITRE CWE definition (CWE-1392) (opens in a new tab)
CWE-1392 vulnerabilities on NVD (opens in a new tab)
Learn: What is a CWE?

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-1392

Get alerted the moment a new CWE-1392 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing