CWE-1188: Initialization of a Resource with an Insecure Default


CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Observed Examples

Reference: CVE-2022-36349

Insecure default variable initialization in BIOS firmware for a hardware board allows DoS.

Reference: CVE-2022-42467

A generic database browser interface has a default mode that exposes a web server to the network, allowing queries to the database.

Key Information

CWE ID: CWE-1188

Abstraction Level: Base

Structure: Simple

Status: Incomplete

Related Weaknesses

Related Attack Patterns

CAPEC-665