Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-11057

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Apr, 2020 | 16:11
Updated At-06 Aug, 2024 | 03:47
Rejected At-
Credits

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Apr, 2020 | 16:11
Updated At:06 Aug, 2024 | 03:47
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
x_refsource_CONFIRM
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Apr, 2020 | 17:15
Updated At:06 May, 2020 | 19:57

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

NETGEAR, Inc.
netgear
>>jnr1010_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr1010>>v2
cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2000_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2000>>v5
cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010>>v5
cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220>>-
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700>>v5
cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000>>v4
cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>-
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>v2
cpe:2.3:h:netgear:wnr2020:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr614_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr614_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr614>>-
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr618_firmware>>Versions before 2017-01-06(exclusive)
cpe:2.3:o:netgear:wnr618_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr618>>-
cpe:2.3:h:netgear:wnr618:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-managementcve@mitre.org
Vendor Advisory
Hyperlink: https://kb.netgear.com/29960/NETGEAR-Product-Vulnerability-Advisory-Potential-security-issue-associated-with-remote-management
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

476Records found

CVE-2019-16649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.92% / 55.88%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 01:54
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Action-Not Available
Vendor-supermicron/a
Product-x10sra-fx10qrh\+x9drw-c\(t\)f31_firmwarex9srh-7\(t\)f_firmwareb10drt-ibf_firmwarex11sdd-18c-fa1sai-2550fx9drff-7\/i\(t\)g\+_firmwarex10drt-p_firmwarex10qblx11spw-ctfx10drt-hibfb2ss1-mtfx9srw-f_firmwarex10drh-i_firmwarex9da7\/e_firmwarex10sll\+-fx10dri-t_firmwarex10drt-pibq_firmwareb9drpx9drd-it\+_firmwareb2ss1-cf_firmwarem11sdv-8c-ln4f_firmwarex10sdv-4c\+-tln4f_firmwareb9drix11dpi-n_firmwarex10drt-px10drd-intp_firmwarex11opi-cpux9sci-ln4\(f\)_firmwarex11dpu-x_firmwarex11sca-wx10drsx10drg-ht_firmwarex10srg-fx10drg-h_firmwarex10drd-intx11qph\+_firmwareb10dri-nx10srh-cf_firmwarex10drw-i_firmwarex10srax10drt-pibf_firmwarex9drw-3ln4f\+\/3tf\+_firmwarex10drt-b\+_firmwarex10sra_firmwarex11sds-12cx10sae_firmwarex10qbl-ctx10qbl-4ct_firmwareb10drc_firmwarex11sse-fx11spm-fx10drh-it_firmwarex9drh-7\/i\(t\)f_firmwarex10qbl-ct_firmwarex10dsc\+x9dbl-3\/i\(f\)x11sph-nctfx9dr7\/e-ln4fx10sdv-7tp8fx9drff-7\/i\(t\)\+x9drl-3\/if_firmwarex9dr7\/e-tf\+b2ss2-mtfx11scm-ln8f_firmwarex11sse-f_firmwareb11dpe_firmwarex10drd-lx10sdv-f_firmwareb2ss2-h-mtfb11qpix10drff-ctgb10drg-ibf2_firmwarex10drd-l_firmwarex11ddw-nt_firmwarex11dpt-bhx10sdv-8c\+-ln2f_firmwarex11dsn-ts_firmwarem11sdv-8c\+-ln4fx11dpi-ntx11dpub1sd2-tf_firmwarex10drg-ot\+-cpu_firmwareb10drt-tp_firmwarex9drd-c\(n\)t\+_firmwareb9drtx10drt-pibqb9drg-ex10drc-t4\+_firmwarex11dpi-nt_firmwarex11ssw-4tf_firmwarex9drw-3\/ifx11sds-16c_firmwarex10drff-igx9scd_seriesx10sdv-tln4f_firmwarex9qr7-tf\+x11dpfr-sx9scl\+-fx10dri-t4\+_firmwarea1srm-2758f_firmwarex9drt-h_series_firmwarex10dru-xllx10srm-tfx10sle-dfb11spe-cpu-tf_firmwarex11ssl-nfa1srm-ln7f-2358x10drh-c_firmwarex11sph-nctf_firmwarex10drd-itx10sdv-fa1sai-2750f_firmwarex9scm\(-f\)_firmwarex10dru-xll_firmwarex11spi-tf_firmwarex9drt-hf\+x10drt-b\+x11dsn-tsqx10drw-ntx10sdv-8c-tln4f_firmwarex11dpt-psx11dpu-xll_firmwareb9drg-e_firmwarex11sch-ln4f_firmwarex9scl\(-f\)x11dph-i_firmwarex10srd-fa1srm-ln7f-2758b11spe-cpu-25g_firmwarex11ssmx11dgo-t_firmwarex11dpu-xa1srm-2758fx10drfr-ta1sri-2358f_firmwarex10drt-h_firmwarex10drc-ln4\+x9drg-qfx10slh-f_firmwarex10dsc\+_firmwarea1srm-ln7f-2358_firmwarex9sca\(-f\)x11sds-8c_firmwarex11dai-na1sai-2550f_firmwareb1sd2-16c-tfx11sri-if_firmwarex11scl-ifx10sll-sf_firmwarex11sdd-8c-fb2ss1-cpux11srm-vf_firmwarex10drt-hibf_firmwarex10drl-ct_firmwarem11sdv-4ct-ln4fx9drt-p_series_firmwarea1sa2-2750f_firmwarex9dr3\/i-ln4f\+_firmwarex9drd-7ln4f_series_firmwarex10drd-ltp_firmwarex9drw-7\/itpf\+x11spg-tf_firmwarex11ssh-ln4f_firmwarex11dpu-xllx10drff-cx9drh-if-nvx10dru-i\+x10drx_firmwarex10qbl-4x11ssw-tfx11dpff-sn_firmwarex9dr3\/i-fx10drh-cln4x9drt-p_seriesx11sdd-18c-f_firmwarex10srw-fx10drh-ctx9sae\(-v\)_firmwarex11dpl-i_firmwarex11opi-cpu_firmwarex10drh-itx10drfr_firmwareb11spe-cpu-tfx10sld-f_firmwarea1sri-2758f_firmwarex10drc-t4\+x10sde-dfx9srd-fx10drl-cx9drfrx11ssw-4tfx9drd-efx11sch-f_firmwarex9drl-7\/ef_firmwarex9daix9drw-7\/itpfm11sdv-8ct-ln4fx10sle-f_firmwarex10drff-cgx11srm-fb11dpex10srg-f_firmwarex10dri_firmwarex9sae\(-v\)x10srh-cfx11spm-tpfx10slm\+-ln4f_firmwarex9da7\/ex10drl-ln4_firmwarex10drw-nx11dsf-e_firmwarex11ssw-fm11sdv-8c-ln4fx11sca-f_firmwarex10sdd-f_firmwarex11scw-f_firmwareb10drg-ibf2x10sdv-8c\+-ln2fx10sdv-6c\+-tln4fx9srl\(-f\)_firmwarex9drt-hf\+_firmwarex11sch-ln4fx9drh-if-nv_firmwarex11ssh-ctfx10sdv-16c-tln4f\+x9dr7-jln4fx10drw-etx11dac_firmwarex9drg-h\(t\)f\+ii_firmwarex11ssh-gf-1585lb2ss1-mtf_firmwarex11scl-ln4fx11dpt-lx11dpff-snx10sdv-6c-tln4fx11ssl-cf_firmwarex10drt-libfx11spa-tf_firmwarex11ssl-cfx10drl-i_firmwarex10drt-psx11dgq_firmwarex11spw-ctf_firmwarex9drff-7\/i\(t\)\+_firmwarex9scl\+-f_firmwareb9drg_firmwareb10drt_firmwarex9drg-h\(t\)f_firmwarex11dsf-ex11scl-f_firmwarea1sam-2550fx9drfr_firmwarex9qri-fx10drg-ot\+-cpux9sre\/i_seriesx11dph-tqx10slm\+-ln4fx10drd-it_firmwarex10drg-q_firmwarem11sdv-4c-ln4f_firmwarea1sri-2558fx10srd-f_firmwarex10sll-sx10sdv-4c\+-tp4fx10sle-hfx10drg-o\+-cpua1sam-2750f_firmwarex10sl7-f_firmwarex11ssd-fx10drfr-ntx11spw-tf_firmwarex11dsc\+a1sa2-2750fb10drg-tpx9qri-f\+x10dgq_firmwarex9qr7-tfx9dax-7\/i\(t\)f_firmwarex10dgo-tx11dpu-vx10drh-cln4_firmwarex11dpi-nx10sdv-2c-7tp4fx10sdv-8c-tln4fb9drt_firmwarex10dri-ln4\+x10dri-tb10drix9drt_series_firmwarex11ssl-fx11dpfr-s_firmwarex10qbl-4_firmwarex10sdv-2c-tp8f_firmwarex10drd-itp_firmwarex10drl-ix10qbi_firmwarex10sle-hf_firmwarex11ssm_firmwareb11qpi_firmwarex11spa-tfx9db3\/i-\(tp\)fx9dax-7\/if-hft_firmwareb2ss1-f_firmwarex10sdv-4c-7tp4fx10sdv-16c-tln4f_firmwarex9dai_firmwarex9drff\(-7\)x11scm-ln8fx10slx-fx10drh-ct_firmwarex10drt-pibfx10slm-f_firmwarex9srh-7\(t\)fx11spw-tfx11ssw-tf_firmwarex10drg-hx9drff\(-7\)_firmwarex10drd-intpx11sri-ifx11srm-f_firmwarex9sre\/i_series_firmwarex11ddw-ntb2ss2-fx11ssh-gf-1585_firmwareb9dr7x11dpt-bh_firmwarex11dpx-tx11dpl-ix11dpt-l_firmwarex10sdv-tp8f_firmwarex11ssh-gtf-1585_firmwareb2ss1-fb9dri_firmwareb9drp_firmwarex10drd-int_firmwarex10sdv-8c-tln4f\+_firmwarea1sri-2558f_firmwarex9dax-7\/i\(t\)fx11scl-if_firmwarex10drg-o\+-cpu_firmwarex9drd-l\/if_firmwarex11dph-t_firmwarex11scm-fx9drg-h\(t\)f\+_firmwareb11spe-cpu-25gx10sdv-4c\+-tln4fx11dpg-ot-cpu_firmwarex10sdv-16c\+-tln4f_firmwarex10sdv-4c-tln2fx11ssh-gtf-1585l_firmwarex11scd-fx11ssl-nf_firmwarex10drw-n_firmwarex11scax11scd-f_firmwarex10saex10drw-et_firmwarex11sds-12c_firmwarex11srl-fx10drt-ptx11scl-ln4f_firmwarex10sri-f_firmwarex11dph-tx10drt-pt_firmwarex11dpu-ze\+_firmwarex10sle-fx10drfr-nt_firmwarex9srg-f_firmwarex10sll-fb1sd1-tf_firmwarex9sra_firmwarex10srh-cln4f_firmwarex10drw-ex10sld-hf_firmwarex10qbix10srw-f_firmwarex10drix10sdv-2c-tp4fx10sdv-12c-tln4f\+_firmwarex11ssh-gtf-1585x10srh-cln4fx11dacb2ss1-cpu_firmwareb1sd1-16c-tf_firmwarea1srm-2558f_firmwareb10drt-ibf2_firmwareb10drg-ibfx9drx\+-f_firmwarex11dpu-z\+x10srl-fx10dri-t4\+x10sdd-16c-fx10drff-itg_firmwarex10drw-nt_firmwarex10sdv-4c-tln4fx9qri-f\+_firmwarex9drh-7\/i\(t\)fx11ssh-tf_firmwarex9drw-3ln4f\+\/3tf\+x9dr3\/i-ln4f\+x10dru-i\+_firmwareb10drcx11sds-16ca1sam-2550f_firmwarex11dpt-ps_firmwarex10sle-df_firmwarex10drt-hx11dai-n_firmwareb10dri_firmwarex9drw-7\/itpf_firmwarex11ddw-lx10obi-cpu_firmwareb2ss1-cfx11dgqx11ssi-ln4f_firmwarex10sdv-7tp4f_firmwarex10drff-itgx10drw-e_firmwarex11dps-re_firmwarex10drff_firmwarex9scd_series_firmwarex10dsn-ts_firmwareb2ss1-h-mtf_firmwarex10drl-ln4x11dsn-tsq_firmwarex10drd-ix9dbu-3\/ifx11dph-ix10sll-s_firmwarex10srm-tf_firmwarex11dpt-bx9scm\(-f\)x11dpu_firmwarex11spg-tfx10slx-f_firmwarex11spm-tfx10slm\+-f_firmwarex9srg-fx10drxx10drw-ix9dbl-3\/i\(f\)_firmwarex10sat_firmwarex10drt-lx10sdv-8c-tln4f\+x10drh-ix11sch-fx10sla-fx10drffx10sri-fx10ddw-i_firmwarex11ssh-f_firmwarex10sla-f_firmwarex9drd-7ln4f_seriesx10sdv-7tp8f_firmwarex11srm-vfx10drd-ltx10dgo-t_firmwarex9drff-7\/i\(t\)g\+x10sdv-12c-tln4f_firmwareb10drt-ibf2x10drfr-n_firmwareb10drt-tpx10sdv-6c\+-tln4f_firmwarex10sdv-2c-7tp4f_firmwarex10drff-ig_firmwarex9scl\(-f\)_firmwareb10drc-n_firmwarex9drw-c\(t\)f31x11ssl_firmwarex11dpg-ot-cpux10drfr-nx10sdv-2c-tp4f_firmwarex10drg-qx10sdv-12c\+-tln4f_firmwareb10dri-n_firmwarex11srl-f_firmwarex9drt_seriesx10drfr-t_firmwarex10sdv-2c-tln2f_firmwarem11sdv-8c\+-ln4f_firmwarex10sra-f_firmwarex11scm-f_firmwarex10sdv-12c-tln4f\+x10slm\+-fx11spa-t_firmwarex11ssm-f_firmwarex10drl-c_firmwarex10dru-x_firmwareb10drg-tp_firmwarea1sam-2750fx11dpfr-snx10sll\+-f_firmwarex11ssh-fx10sdv-16c-tln4fx10drw-itx9dr3\/i-f_firmwarex10drc-ln4\+_firmwarex11sds-8cx10dri-ln4\+_firmwarex11sslx10sll-f_firmwarex9srax10drs_firmwarex11ssh-tfx9drd-it\+x9srd-f_firmwarex11dpu-z\+_firmwareb1sd2-16c-tf_firmwarex10sdv-12c-tln4fb9drgx10dru-xx10srm-f_firmwarex11dpg-qtx10sdv-2c-tln2fx10sdv-4c-tln4f_firmwarex10slh-fx10drh-iln4x11sca_firmwareb9qr7\(-tp\)x10obi-cpux10drw-it_firmwarex11spm-f_firmwarex10drh-ca1sri-2358fx10sdv-16c\+-tln4fm11sdv-4ct-ln4f_firmwarex9drg-qf_firmwarex11scw-fb10drg-ibf_firmwareb2ss2-mtf_firmwareb9drg-3mx10drl-itx10drd-lt_firmwarex11dpu-ze\+x11dph-tq_firmwarex10drff-cg_firmwarex10ddw-ix9srw-fx9sca\(-f\)_firmwarex11qph\+x9drw-7\/itpf\+_firmwareb9qr7\(-tp\)_firmwarex11spa-tx11dgo-tx11dpx-t_firmwarex9drw-3\/if_firmwarex10drd-i_firmwarex9dal-3\/ix9dbs-f\(-2u\)_firmwarex10sdv-4c-tln2f_firmwarex11dsc\+_firmwarex10drd-ltpx9drg-h\(t\)fx9drl-3\/ifx9drg-o\(t\)f-cpux11spm-tpf_firmwarex10drff-ctg_firmwarex10dgqx10sdd-fx11sca-w_firmwarex11spl-fx10ddw-inx11spm-tf_firmwarex11dpg-qt_firmwarem11sdv-4c-ln4fx11ddw-l_firmwarex11dpfr-sn_firmwarex9dr7\/e-ln4f_firmwarex11sdd-8c-f_firmwarex10qrh\+_firmwarex9qr7-tf\+_firmwarex10sld-hfb2ss2-f_firmwareb10drtx10drt-libf_firmwarex10sdv-7tp4fx10drt-ps_firmwarex10sl7-fb2ss1-h-mtfb11dpt_firmwarex10srl-f_firmwarex11ssm-fx9drd-c\(n\)t\+x10sdv-tln4fx10drl-it_firmwarex11spl-f_firmwarex9drl-7\/efx9dr7\/e-tf\+_firmwarex11dps-rea1srm-2558fx11scl-fx10drd-itpx10sdv-4c\+-tp4f_firmwarex11ssh-ctf_firmwarex10drt-libqx9drg-h\(t\)f\+iix10ddw-in_firmwarex11ssi-ln4fx10srm-fx11dsn-tsa1srm-ln7f-2758_firmwarex10drg-htx9db3\/i-\(tp\)f_firmwarex9dr7-jln4f_firmwarex10drt-libq_firmwarex10sdv-tp8fx9qr7-tf_firmwarex11ssd-f_firmwareb10drt-ibfx11ssl-f_firmwarex9drg-o\(t\)f-cpu_firmwareb1sd1-tfx9dbs-f\(-2u\)x10sdv-16c-tln4f\+_firmwarex9dax-7\/if-hftx10sdv-6c-tln4f_firmwarex9drg-h\(t\)f\+x9drx\+-fx10drt-l_firmwarex9dal-3\/i_firmwarex11dpg-snx11ssh-gf-1585x10drh-iln4_firmwareb1sd2-tfx9dbu-3\/if_firmwarea1srm-ln5f-2358_firmwareb10drc-nx11ssw-f_firmwarex9srl\(-f\)x11sph-nctpf_firmwarex10drff-c_firmwarex10sdv-12c\+-tln4fb2ss2-h-mtf_firmwarex10drfrx9qri-f_firmwarex10dbt-t_firmwarex10dbt-tx11dpt-b_firmwarem11sdv-8ct-ln4f_firmwarex11ssh-ln4fb11dptx10dsn-tsx11sca-fx11spi-tfx10sde-df_firmwarex10satx11dpg-sn_firmwarex10sll-sfa1srm-ln5f-2358x9drt-h_seriesb9dr7_firmwarex10sdv-2c-tp8fb1sd1-16c-tfx10slm-fx10sld-fx11sph-nctpfx11ssh-gtf-1585lx10sdd-16c-f_firmwarex9drd-l\/ifx9sci-ln4\(f\)x9drd-ef_firmwarex10sdv-4c-7tp4f_firmwareb9drg-3m_firmwarex10drl-ctx11ssh-gf-1585l_firmwarex11dpu-v_firmwarex10qbl_firmwarea1sai-2750fa1sri-2758fx10qbl-4ctn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-38372
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.64% / 46.32%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 00:23
Updated-14 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson IoT Platform information disclosure

An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.

Action-Not Available
Vendor-IBM Corporation
Product-watson_iot_platformWatson IoT Platform
CWE ID-CWE-287
Improper Authentication
CVE-2025-14738
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.44% / 34.97%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 18:01
Updated-29 Jan, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Disclosure Vulnerability in TP-Link WA850RE

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tl-wa850retl-wa850re_firmwareWA850RE
CWE ID-CWE-287
Improper Authentication
CVE-2016-2102
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.01% / 78.45%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.

Action-Not Available
Vendor-haproxyn/a
Product-haproxyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-14567
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.68% / 48.02%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 16:02
Updated-23 Dec, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
haxxorsid Stock-Management-System employees missing authentication

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-haxxorsidhaxxorsid
Product-stock-management-systemStock-Management-System
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-35579
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.51% / 39.75%
||
7 Day CHG+0.07%
Published-05 May, 2026 | 20:29
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. If the key name matches a configured key, the tsigStatus field remains nil and the tsig plugin treats the request as successfully authenticated regardless of the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() method unconditionally returns nil, and the server never inspects the TSIG record at all. Any request containing a TSIG record is treated as authenticated over DoH and DoH3, even if the key name is invalid and the MAC is arbitrary. An unauthenticated network attacker can exploit this to bypass TSIG-protected functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation bar because the attacker does not need to know a valid TSIG key name. This issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level access to affected transport ports to trusted sources only.

Action-Not Available
Vendor-coredns.iocorednsRed Hat, Inc.
Product-corednscorednsRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Container Platform 4
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2025-14703
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 44.62%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 04:02
Updated-09 Jan, 2026 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shiguangwu sgwbox N3 POST Message fsnotify improper authentication

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-sgwboxShiguangwu
Product-n3n3_firmwaresgwbox N3
CWE ID-CWE-287
Improper Authentication
CVE-2014-3106
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-1.85% / 76.52%
||
7 Day CHG~0.00%
Published-23 Sep, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearcasen/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-43786
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.29% / 81.14%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 19:30
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
API token verification can be bypassed

Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.

Action-Not Available
Vendor-nodebbNodeBB
Product-nodebbNodeBB
CWE ID-CWE-287
Improper Authentication
CVE-2026-33512
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 14.18%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 18:17
Updated-25 Mar, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo has an unauthenticated decrypt oracle leaking any ciphertext

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so any user can recover protected tokens/metadata. Commit 3fdeecef37bb88967a02ccc9b9acc8da95de1c13 contains a patch.

Action-Not Available
Vendor-wwbnWWBN
Product-avideoAVideo
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-11852
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.57% / 42.85%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 19:02
Updated-21 Oct, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apeman ID71 ONVIF Service device_service missing authentication

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Apeman
Product-ID71
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18312
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-1.08% / 60.95%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-287
Improper Authentication
CVE-2026-32815
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.08%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:39
Updated-23 Mar, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint (/ws) allows unauthenticated connections when specific URL parameters are provided (?app=siyuan&id=auth&type=auth). This bypass, intended for the login page to keep the kernel alive, allows any external client — including malicious websites via cross-origin WebSocket — to connect and receive all server push events in real-time. These events leak sensitive document metadata including document titles, notebook names, file paths, and all CRUD operations performed by authenticated users. Combined with the absence of Origin header validation, a malicious website can silently connect to a victim's local SiYuan instance and monitor their note-taking activity. This issue has been fixed in version 3.6.1.

Action-Not Available
Vendor-b3logsiyuan-note
Product-siyuansiyuan
CWE ID-CWE-287
Improper Authentication
CVE-2014-0357
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-1.83% / 76.28%
||
7 Day CHG~0.00%
Published-15 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

Action-Not Available
Vendor-amtelcon/a
Product-misecuremessagesn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-15046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.30% / 91.58%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:51
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-287
Improper Authentication
CVE-2026-32173
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-0.91% / 55.59%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:27
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SRE Agent Information Disclosure Vulnerability

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sre_agentAzure SRE Agent Gateway - SignalR Hub
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2014-0732
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.80% / 75.88%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-43175
Matching Score-4
Assigner-Black Duck Software, Inc.
ShareView Details
Matching Score-4
Assigner-Black Duck Software, Inc.
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.28%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 17:25
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Action-Not Available
Vendor-goautodialGOautodial
Product-goautodial_apigoautodialGOautodial API
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2023-30967
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.12%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 23:18
Updated-10 Sep, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotham Orbital Simulator path traversal

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.

Action-Not Available
Vendor-palantirPalantir
Product-orbital_simulatorcom.palantir.meta:orbital-simulator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-287
Improper Authentication
CVE-2023-30061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.96%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-879_firmwaredir-879n/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-0725
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.28% / 66.44%
||
7 Day CHG~0.00%
Published-13 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-0733
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.80% / 75.75%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-27877
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 36.98%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:31
Updated-28 Oct, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_dataPlanning Analytics Cartridge for Cloud Pak for Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2023-27377
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.45%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:20
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-287
Improper Authentication
CVE-2025-10288
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.45% / 36.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 05:02
Updated-12 Sep, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
roncoo roncoo-pay list improper authentication

A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-roncoo
Product-roncoo-pay
CWE ID-CWE-287
Improper Authentication
CVE-2023-25913
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.18%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 20:30
Updated-09 Jan, 2025 | 07:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in Danfoss AK-SM800A

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

Action-Not Available
Vendor-danfossDanfoss
Product-ak-sm_800a_firmwareak-sm_800aAK-SM800A
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2023-25264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 57.24%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments.

Action-Not Available
Vendor-docmosisn/a
Product-tornadon/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-41638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.47%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 11:44
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.

Action-Not Available
Vendor-melagn/a
Product-ftp_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-6470
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.88% / 76.85%
||
7 Day CHG~0.00%
Published-02 Jun, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstackn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-41309
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-5.3||MEDIUM
EPSS-0.80% / 52.24%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 03:35
Updated-10 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.

Action-Not Available
Vendor-Atlassian
Product-jira_software_data_centerJira ServerJira Data Centerjira_serverjira_data_center
CWE ID-CWE-287
Improper Authentication
CVE-2021-41157
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.69% / 74.27%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 13:35
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.

Action-Not Available
Vendor-freeswitchsignalwire
Product-freeswitchfreeswitch
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-34675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.13%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:45
Updated-04 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.

Action-Not Available
Vendor-basixonlinen/a
Product-nex-formsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-40851
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.56%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 16:10
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TCMAN GIM SQL injection vulnerability

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.

Action-Not Available
Vendor-tcmanTCMAN
Product-gimGIM
CWE ID-CWE-287
Improper Authentication
CVE-2024-10620
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.50% / 39.17%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 04:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
knightliao Disconf Configuration Center list improper authentication

A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-knightliaoknightliao
Product-Disconfdisconf
CWE ID-CWE-287
Improper Authentication
CVE-2016-10833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.35%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 16:09
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-10173
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.70% / 48.72%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 05:00
Updated-22 Oct, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
didi DDMQ Console Module improper authentication

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-didiglobaldidididi
Product-ddmqDDMQddmq
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-37100
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.50%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:06
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-21841
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.74% / 49.96%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-287
Improper Authentication
CVE-2021-37054
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.28%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiharmonyosemuiMagic UIHarmonyOSEMUI
CWE ID-CWE-287
Improper Authentication
CVE-2023-21419
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 14.60%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

Action-Not Available
Vendor-Samsung ElectronicsGoogle LLC
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-6451
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-8.6||HIGH
EPSS-0.53% / 40.88%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 04:06
Updated-09 Jan, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Publicly Known Cryptographic Machine Key In Procura Portal Application

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Action-Not Available
Vendor-alayacareAlayaCare
Product-procuraProcura Portalprocura_portal
CWE ID-CWE-1394
Use of Default Cryptographic Key
CWE ID-CWE-287
Improper Authentication
CVE-2019-13188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 82.49%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 17:32
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.

Action-Not Available
Vendor-engn/a
Product-knowagen/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-5627
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.08%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 15:04
Updated-05 Sep, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Implementation of Authentication Algorithm Vulnerability

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_6610-32_firmwarenport_6650-32-hv-t_firmwarenport_6450_firmwarenport_6650-8_firmwarenport_6650-16-t_firmwarenport_6250-s-sc_firmwarenport_6150nport_6610-8-48vnport_6650-16-hv-tnport_6650-32-hv-tnport_6650-8-tnport_6250nport_6610-16_firmwarenport_6450-t_firmwarenport_6250_firmwarenport_6610-16-48vnport_6150_firmwarenport_6250-s-sc-tnport_6650-8-hv-tnport_6250-m-sc-t_firmwarenport_6650-16-tnport_6650-32-48v_firmwarenport_6650-32-48vnport_6450nport_6610-8_firmwarenport_6610-32-48v_firmwarenport_6650-16-hv-t_firmwarenport_6450-tnport_6150-t_firmwarenport_6250-tnport_6250-s-sc-t_firmwarenport_6250-s-scnport_6610-32-48vnport_6610-32nport_6250-t_firmwarenport_6650-8-48vnport_6650-8-hv-t_firmwarenport_6610-16-48v_firmwarenport_6650-16-48v_firmwarenport_6250-m-sc_firmwarenport_6610-8nport_6150-tnport_6650-16nport_6650-8nport_6650-16_firmwarenport_6610-16nport_6650-32_firmwarenport_6650-8-48v_firmwarenport_6650-8-t_firmwarenport_6650-16-48vnport_6650-32nport_6250-m-sc-tnport_6610-8-48v_firmwarenport_6250-m-scNPort 6000 Seriesnport_6000
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2023-1784
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.00% / 58.43%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 20:00
Updated-11 Feb, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jeecg-boot API Documentation improper authentication

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.

Action-Not Available
Vendor-jeecgn/a
Product-jeecg_bootjeecg-boot
CWE ID-CWE-287
Improper Authentication
CVE-2026-24241
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 42.40%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 18:42
Updated-27 Feb, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-delegated_license_serviceDLS component of NVIDIA License System
CWE ID-CWE-287
Improper Authentication
CVE-2005-3979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 72.13%
||
7 Day CHG~0.00%
Published-03 Dec, 2005 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request.

Action-Not Available
Vendor-coppermine-galleryn/a
Product-coppermine_photo_galleryn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-32951
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.89% / 54.97%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:54
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech WebAccess/NMS Improper Authentication

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/nmsWebAccess/NMS
CWE ID-CWE-287
Improper Authentication
CVE-2024-7763
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.38%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 20:11
Updated-30 Oct, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

Action-Not Available
Vendor-Progress Software Corporation
Product-whatsup_goldWhatsUp Goldwhatsup_gold
CWE ID-CWE-287
Improper Authentication
CVE-2013-4178
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.30% / 66.88%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).

Action-Not Available
Vendor-google_authenticator_login_projectn/aThe Drupal Association
Product-ga_logindrupaln/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-30302
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.64% / 46.05%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqca2066wsa8830qcn9070ipq4028_firmwareqca1062_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca6431_firmwareqcn5124qca4024_firmwareqcn9072qca9992sc8180x\+sdx55ipq8078aipq5028_firmwareqca6420_firmwareipq8069_firmwareqca6390_firmwareqca2064_firmwareqca2062ipq6000qca6335qcn5064wcd9370ipq8072qcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwareipq5018wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwareipq8076aqcn6024_firmwareqsm8350_firmwareipq8074aqca2065qcn5124_firmwareqsm8350qca1064qca6428qcn5164_firmwareqcn5122_firmwareipq8071sdx55_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwarewcn3998_firmwareqca6420qca6436_firmwareqca10901_firmwareqca6438_firmwareipq5010sd778gipq8070_firmwareqca6310ipq8078a_firmwareipq8174qca9990qcs6490ipq5028qrb5165_firmwareipq4029_firmwareipq8072_firmwareqcn5052sdxr2_5gipq6010sc8280xp_firmwareqca6430qcn9074qca6421sd778g_firmwarewcd9340wsa8810_firmwareqca6436wcn6851qca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122wcd9341qca2066_firmwareqca6431qca2065_firmwareqcs6490_firmwaresd870_firmwareqca1062qcn5154_firmwarear8035csr8811qca6390aqt1000qca9898_firmwaresd_8cxsc8180x\+sdx55_firmwarewcd9375qcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwareqca6438qcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqcn5121qcx315qca9898qcn5022_firmwarewcn6750_firmwareipq4028qca6428_firmwareipq5018_firmwareqca8072ipq4018_firmwareqca8337_firmwarewcd9380_firmwareqcn9000ipq8072aqca9980_firmwaresd780gipq8076a_firmwaresd865_5gar9380_firmwareipq8078sdx55m_firmwareipq8173wcn6856_firmwareqcn9012sd888qcn5164qcn6122_firmwareqcx315_firmwarewsa8835qca10901csr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwareipq4018qcn5024ipq6005_firmwarewcn6855_firmwareqca9889ipq8074qca6310_firmwareqca8072_firmwareqca6430_firmwareqca9888qca9994_firmwareqcn5052_firmwareipq8070a_firmwareqcn9012_firmwaresm7325wcn6750qca6335_firmwareipq6018_firmwareipq8076_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareipq8076sd_8c_firmwareqca6426_firmwareqca9984ipq6028ipq8064ipq8069pmp8074qcn5021qcn5152qcn9024qcn5550_firmwareqca6391sdx55mipq8064_firmwareqca6421_firmwareipq6005aqt1000_firmwareqca2062_firmwarewcn6740_firmwareqcn9100qcn5064_firmwareqcm6490_firmwareipq8078_firmwareqcn5054qcn9070_firmwareqrb5165wcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9994ipq8074_firmwareqca9889_firmwareqca9980qcn5122qcn9024_firmwareipq8174_firmwarewcd9341_firmwarewsa8810sd870qcn5121_firmwarewcn6855wcn6856sd_8cipq6018qcn5022ipq6010_firmwareqca1064_firmwarewcn6740qca6391_firmwareqca2064qca4024sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sc8280xpqca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwareipq8071_firmwareqcn9074_firmwareipq4029ar8035_firmwaresm7325_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 9
  • 10
  • Next
Details not found