CVE-2022-40259
MegaRAC Default Credentials Vulnerability
In short
MegaRAC devices come with default usernames and passwords that are not changed during installation. An attacker with network access can use these credentials to log in and take full control of the device.
Technical detail
CWE-798 (use of hard-coded credentials) in the MegaRAC BMC lets an unauthenticated, network-based attacker gain administrative access when the default credentials have not been changed. The precondition is network connectivity to the management interface; the impact includes full system compromise and remote code execution.
Summary generated and translated by AI from the official description.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H