There are various databases that keep a running list of known default credentials. One of them is theĀ DefaultCreds-Cheat-Sheet.
Default credentials can also be found in the product documentation, as they contain the steps necessary to set up the service successfully. Some devices/applications require the user to set up a password at install, but others use a default, weak password. Attacking those services with the default or obtained credentials is calledĀ Credential Stuffing.
hydra -C <user_pass.list> <protocol>://<IP>
https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv