CVE-2026-33784

EUVD-2026-21203

09.04.2026, 22:16

A Use of Default Password vulnerability in the Juniper Networks

Support Insights (JSI)

Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.

vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-1393 - Use of Default Password
The product uses default passwords for potentially critical functionality.

Vulnerability Media Exposure

[GERMAN] Juniper: Unter anderem Root-Sicherheitslücken in Junos OS geschlossen
Angreifer können an zahlreichen Schwachstellen im Netzwerkbetriebssystem Junos OS ansetzen. Nun gibt es Sicherheitsupdates.
Published: 2026-04-09T13:44:00+00:00

References

https://kb.juniper.net/JSA107871