("admin/admin" or similar). If these aren't changed, an attacker can literally only log in. The particular Mirai botnet inside 2016 famously infected millions of IoT devices by just trying a directory of standard passwords for products like routers and even cameras, since users rarely changed all of them.
- Directory record enabled over a web server, exposing just about all files if simply