Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities.
Link to original article
It works in most cases. A lot of routers had password as password for a good long time here.
mvp Ah, the good old factory default - you know, the one that is never changed !