So actually CVE is because default configuration has HTTP enabled? lol
Let's create CVE regarding blank admin password after netinstall. Like for this case. 
I have feeling that some security “experts” just want to build CVE portfolio to get some rank.