Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-6541

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-06 Jul, 2018 | 21:00
Updated At-06 Aug, 2024 | 01:36
Rejected At-
Credits

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:06 Jul, 2018 | 21:00
Updated At:06 Aug, 2024 | 01:36
Rejected At:
▼CVE Numbering Authority (CNA)
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Affected Products
Vendor
TrackR
Product
Bravo Mobile Application
Platforms
  • iOS
Versions
Unaffected
  • 5.1.6
Vendor
TrackR
Product
Bravo Mobile Application
Platforms
  • Android
Versions
Unaffected
  • 2.2.5
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/93874
vdb-entry
x_refsource_BID
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
x_refsource_MISC
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
x_refsource_MISC
https://www.kb.cert.org/vuls/id/617567
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/bid/93874
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Resource:
x_refsource_MISC
Hyperlink: https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Resource:
x_refsource_MISC
Hyperlink: https://www.kb.cert.org/vuls/id/617567
Resource:
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/93874
vdb-entry
x_refsource_BID
x_transferred
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
x_refsource_MISC
x_transferred
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
x_refsource_MISC
x_transferred
https://www.kb.cert.org/vuls/id/617567
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93874
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/617567
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:06 Jul, 2018 | 21:29
Updated At:09 Oct, 2019 | 23:19

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
thetrackr
thetrackr
>>trackr_bravo_firmware>>Versions before 2.2.5(exclusive)
cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:android:*:*
thetrackr
thetrackr
>>trackr_bravo_firmware>>Versions before 5.1.6(exclusive)
cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:iphone_os:*:*
thetrackr
thetrackr
>>trackr_bravo>>-
cpe:2.3:h:thetrackr:trackr_bravo:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE-306Secondarycret@cert.org
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-306
Type: Secondary
Source: cret@cert.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/93874cret@cert.org
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/cret@cert.org
Third Party Advisory
https://www.kb.cert.org/vuls/id/617567cret@cert.org
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZcret@cert.org
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/93874
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/617567
Source: cret@cert.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Source: cret@cert.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2017-18720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.48%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.11%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-17219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.07%
||
7 Day CHG~0.00%
Published-06 Oct, 2019 | 15:23
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.

Action-Not Available
Vendor-vzugn/a
Product-combi-stream_mslq_firmwarecombi-stream_mslqn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-27645
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.96%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax40rax15r8000rax75lax20r6400_firmwarer8000prax35rax50r8500_firmwarerax35_firmwarer7960prax45r7000_firmwarer8000p_firmwarer7850rax20rax200rax38rax50s_firmwarer7900prax20_firmwarerax40_firmwarerax200_firmwarer8500rax48rax50sr7850_firmwarerax43_firmwarer6700rax42rax42_firmwarer7000rax43r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax38_firmwarerax45_firmwarer6700_firmwarer7900p_firmwarelax20_firmwarer8000_firmwareR6700v3
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-697
Incorrect Comparison
CVE-2023-5328
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.56%
||
7 Day CHG~0.00%
Published-01 Oct, 2023 | 23:31
Updated-02 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SATO CL4NX-J Plus Cookie improper authentication

A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.

Action-Not Available
Vendor-satoSATO
Product-cl4nx-j_plus_firmwarecl4nx-j_plusCL4NX-J Plus
CWE ID-CWE-287
Improper Authentication
CVE-2017-18772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-25008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.40%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 22:27
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex300_v2_firmwareex300_v2ex1200t_firmwareex1200tn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-12712
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.74% / 71.90%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Action-Not Available
Vendor-abbottAbbott Laboratories
Product-assurity_firmwareassurityaccent_stanthem_firmwareassurity_mriassurity_mri_firmwareaccent_mri_firmwareaccent_mriaccent_st_firmwareallureanthemaccent_firmwareallure_firmwareaccentAccent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.
CWE ID-CWE-287
Improper Authentication
CVE-2017-10854
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.85%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

Action-Not Available
Vendor-coregaCorega Inc
Product-cg-wgr_1200_firmwarecg-wgr_1200CG-WGR1200
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-41183
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-08 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbr760rbr760_firmwareOrbi 760rbr760
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-9497
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-3.88% / 87.79%
||
7 Day CHG~0.00%
Published-13 Jul, 2018 | 20:00
Updated-06 Aug, 2024 | 02:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.

Action-Not Available
Vendor-hughesHughes Satellite Modem
Product-hn7000sm_firmwarehn7740shn7000smhn7000sdw7000hn7740s_firmwaredw7000_firmwarehn7000s_firmwareHN7740SDW7000HN7000S/SM
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2016-7830
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.

Action-Not Available
Vendor-Sony Group Corporation
Product-pcs-xc1_firmwarepcs-xg100cpcs-xg77_firmwarepcs-xg77cpcs-xg77spcs-xg100spcs-xg100pcs-xg77pcs-xc1pcs-xg100_firmwarePCS-XG100PCS-XG77SPCS-XC1PCS-XG100CPCS-XG77CPCS-XG77PCS-XG100S
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-5218
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.67%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:51
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-band_3_firmwareband_2_firmwareband_2band_3Huawei Band 2, Honor Band 3
CWE ID-CWE-287
Improper Authentication
CVE-2019-17146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-17.71% / 94.86%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 23:05
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-935l_firmwaredcs-960l_firmwaredcs-960ldcs-935lDCS-960L
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-10964
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.1||HIGH
EPSS-0.45% / 62.81%
||
7 Day CHG~0.00%
Published-28 Jun, 2019 | 20:58
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Action-Not Available
Vendor-medtronicMedtronic
Product-minimed_paradigm_722minimed_paradigm_512minimed_paradigm_veo_554minimed_paradigm_523kminimed_paradigm_veo_754cmminimed_paradigm_723k_firmwareminimed_paradigm_veo_754cm_firmwareminimed_paradigm_712e_firmwareminimed_paradigm_523minimed_paradigm_veo_554cmminimed_paradigm_511minimed_paradigm_723minimed_paradigm_722_firmwareminimed_paradigm_712eminimed_paradigm_723_firmwareminimed_paradigm_522k_firmwareminimed_paradigm_veo_754minimed_paradigm_715_firmwareminimed_paradigm_723kminimed_508_firmwareminimed_paradigm_715minimed_paradigm_veo_754_firmwareminimed_paradigm_523k_firmwareminimed_paradigm_512_firmwareminimed_paradigm_523_firmwareminimed_paradigm_veo_554_firmwareminimed_paradigm_712_firmwareminimed_paradigm_veo_554cm_firmwareminimed_paradigm_522minimed_paradigm_722kminimed_508minimed_paradigm_722k_firmwareminimed_paradigm_515minimed_paradigm_511_firmwareminimed_paradigm_712minimed_paradigm_515_firmwareminimed_paradigm_522kminimed_paradigm_522_firmwareMiniMed Paradigm 512/712 pumpsMiniMed 508 pumpMiniMed Paradigm 515/715 pumpsMiniMed Paradigm 511 pumpMiniMed Paradigm 522K/722K pumpsMiniMed Paradigm 523/723 pumpsMiniMed Paradigm 523K/723K pumpsMiniMed Paradigm 522/722 pumpsMiniMed Paradigm Veo 554/754 pumpsMiniMed Paradigm Veo 554CM/754CM pumpsMiniMed Paradigm 712E pump
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-7357
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-6.5||MEDIUM
EPSS-39.17% / 97.18%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

Action-Not Available
Vendor-ZTE Corporation
Product-zxhn_h168n_firmwarezxhn_h168nZXHN H168N
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-21132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.62%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-2186
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.02%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-home_spot_cube_2_firmwarehome_spot_cube_2HOME SPOT CUBE2
CWE ID-CWE-287
Improper Authentication
CVE-2020-8709
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.44%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:52
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-5536
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 01:35
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors.

Action-Not Available
Vendor-plathomePlat'Home Co.,Ltd.
Product-openblocks_iot_vx2openblocks_iot_vx2_firmwareOpenBlocks IoT VX2
CWE ID-CWE-287
Improper Authentication
CVE-2020-35785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found