Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10964

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-28 Jun, 2019 | 20:58
Updated At-22 May, 2025 | 18:29
Rejected At-
Credits

Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:28 Jun, 2019 | 20:58
Updated At:22 May, 2025 | 18:29
Rejected At:
▼CVE Numbering Authority (CNA)
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Affected Products
Vendor
Medtronic
Product
MiniMed 508 pump
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 511 pump
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 512/712 pumps
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 712E pump
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 515/715 pumps
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 522/722 pumps
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 522K/722K pumps
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MiniMed Paradigm 523/723 pumps
Default Status
unaffected
Versions
Affected
  • From 0 through Software Versions 2.4A (custom)
Vendor
Medtronic
Product
MiniMed Paradigm 523K/723K pumps
Default Status
unaffected
Versions
Affected
  • From 0 through Software Versions 2.4A (custom)
Vendor
Medtronic
Product
MiniMed Paradigm Veo 554/754 pumps
Default Status
unaffected
Versions
Affected
  • From 0 through Software Versions 2.6A (custom)
Vendor
Medtronic
Product
MiniMed Paradigm Veo 554CM/754CM pumps
Default Status
unaffected
Versions
Affected
  • From 0 through Software Versions 2.7A (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284
Type: CWE
CWE ID: CWE-284
Description: CWE-284
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Medtronic recommends U.S. patients who are currently using the affected products talk to their healthcare provider about changing to a newer model insulin pump with increased cybersecurity protection. Patients outside the U.S. will receive a notification letter with instructions based on the country where they live. Medtronic recommends all patients take the cybersecurity precautions indicated below. CYBERSECURITY PRECAUTIONS RECOMMENDED FOR ALL PATIENTS: * Maintain tight physical control of the pump and devices connected to the pump * Do not share pump serial number * Be attentive to pump notifications, alarms, and alerts * Immediately cancel any unintended boluses (a single dose of insulin administered all at once) * Do not connect to any third-party devices or use any software not authorized by Medtronic * Disconnect CareLink USB devices from computers when not being used to download data from the pump * Monitor blood glucose levels closely and act as appropriate * Get medical help immediately when experiencing symptoms of severe hypoglycemia or diabetic ketoacidosis, or suspect an insulin pump settings, or insulin delivery have changed unexpectedly Medtronic has released additional patient-focused information, at the following location: https://www.medtronic.com/security

Exploits
Credits
finder
Based on earlier work performed by external researchers including Nathanael Paul, Jay Radcliffe, and Barnaby Jack, and from recent work performed by external researchers Billy Rios, Jonathan Butts, and Jesse Young, Medtronic performed additional variant analysis and reported this vulnerability
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
N/A
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01
N/A
http://www.securityfocus.com/bid/108926
vdb-entry
Hyperlink: https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/108926
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-19-178-01
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/108926
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-19-178-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108926
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:28 Jun, 2019 | 21:15
Updated At:22 May, 2025 | 19:15

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
medtronic
medtronic
>>minimed_508_firmware>>*
cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_508>>-
cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_511_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_511>>-
cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_512_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_512>>-
cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_712_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_712>>-
cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_712e_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_712e>>-
cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_515_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_515_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_515>>-
cpe:2.3:h:medtronic:minimed_paradigm_515:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_715_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_715_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_715>>-
cpe:2.3:h:medtronic:minimed_paradigm_715:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_522_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_522_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_522>>-
cpe:2.3:h:medtronic:minimed_paradigm_522:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_722_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_722_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_722>>-
cpe:2.3:h:medtronic:minimed_paradigm_722:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_522k_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_522k_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_522k>>-
cpe:2.3:h:medtronic:minimed_paradigm_522k:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_722k_firmware>>*
cpe:2.3:o:medtronic:minimed_paradigm_722k_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_722k>>-
cpe:2.3:h:medtronic:minimed_paradigm_722k:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_523_firmware>>Versions up to 2.4a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_523_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_523>>-
cpe:2.3:h:medtronic:minimed_paradigm_523:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_723_firmware>>Versions up to 2.4a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_723_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_723>>-
cpe:2.3:h:medtronic:minimed_paradigm_723:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_523k_firmware>>Versions up to 2.4a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_523k_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_523k>>-
cpe:2.3:h:medtronic:minimed_paradigm_523k:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_723k_firmware>>Versions up to 2.4a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_723k_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_723k>>-
cpe:2.3:h:medtronic:minimed_paradigm_723k:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_554_firmware>>Versions up to 2.6a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_veo_554_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_554>>-
cpe:2.3:h:medtronic:minimed_paradigm_veo_554:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_754_firmware>>Versions up to 2.6a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_veo_754_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_754>>-
cpe:2.3:h:medtronic:minimed_paradigm_veo_754:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_554cm_firmware>>Versions up to 2.7a(inclusive)
cpe:2.3:o:medtronic:minimed_paradigm_veo_554cm_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_554cm>>Versions up to 2.7a(inclusive)
cpe:2.3:h:medtronic:minimed_paradigm_veo_554cm:*:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_754cm_firmware>>-
cpe:2.3:o:medtronic:minimed_paradigm_veo_754cm_firmware:-:*:*:*:*:*:*:*
medtronic
medtronic
>>minimed_paradigm_veo_754cm>>-
cpe:2.3:h:medtronic:minimed_paradigm_veo_754cm:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primaryics-cert@hq.dhs.gov
CWE-287Secondarynvd@nist.gov
CWE-863Secondarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: ics-cert@hq.dhs.gov
CWE ID: CWE-287
Type: Secondary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/108926ics-cert@hq.dhs.gov
Third Party Advisory
VDB Entry
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.htmlics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01ics-cert@hq.dhs.gov
N/A
http://www.securityfocus.com/bid/108926af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.us-cert.gov/ics/advisories/icsma-19-178-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/108926
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/108926
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-19-178-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

74Records found
CVE-2018-7363
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.

Action-Not Available
Vendor-ZTE Corporation
Product-zxhn_f670_firmwarezxhn_f670ZXHN F670
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-26559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 17:13
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Action-Not Available
Vendor-bluetoothn/a
Product-mesh_profilen/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-19023
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-25 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.

Action-Not Available
Vendor-hetronicHetronic
Product-mlc_firmwarenova-mdc_mobile_firmwarebms-hles-can-hlmlcbms-hl_firmwaredc_mobilenova-m_firmwarees-can-hl_firmwareHetronic Nova-M
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CWE ID-CWE-287
Improper Authentication
CVE-2025-2350
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.11%
||
7 Day CHG+0.01%
Published-16 Mar, 2025 | 22:00
Updated-17 Mar, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam FX2 upload_file unrestricted upload

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-IROAD
Product-Dash Cam FX2
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-24579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-87.79% / 99.44%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 18:04
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl2888adsl2888a_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-1601
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.3||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 15:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-intersight_virtual_applianceCisco Intersight Virtual Appliance
CWE ID-CWE-284
Improper Access Control
CVE-2021-1284
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 23.00%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:50
Updated-08 Nov, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Authentication Bypass Vulnerability

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-284
Improper Access Control
CVE-2020-8708
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:23
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-8350
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_stack_wireless_routerthinkpad_stack_wireless_router_firmwareThinkPad Stack WIreless Router firmware
CWE ID-CWE-287
Improper Authentication
CVE-2017-18720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-27865
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-23.50% / 95.76%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1860dap-1860_firmwareDAP-1860
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2017-18772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.11%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-2121
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.25%
||
7 Day CHG~0.00%
Published-09 Mar, 2025 | 11:00
Updated-22 Jul, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Thinkware Car Dashcam F800 Pro File Storage access control

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-thinkwareThinkware
Product-f800_prof800_pro_firmwareCar Dashcam F800 Pro
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2024-8805
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.03%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 21:02
Updated-20 Dec, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.

Action-Not Available
Vendor-BlueZ
Product-bluezBlueZbluez
CWE ID-CWE-284
Improper Access Control
CVE-2019-7226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 15:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

Action-Not Available
Vendor-n/aABB
Product-pb610_panel_builder_600pb610_panel_builder_600_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-11478
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.61%
||
7 Day CHG~0.00%
Published-30 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network.

Action-Not Available
Vendor-vgaten/a
Product-icar_2_wi-fi_obd2_firmwareicar_2_wi-fi_obd2n/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-26088
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.1||HIGH
EPSS-5.48% / 89.83%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 13:21
Updated-25 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinet_single_sign-onFortinet FSSO Windows DC Agent, FSSO Windows CA
CWE ID-CWE-287
Improper Authentication
CVE-2017-2186
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-home_spot_cube_2_firmwarehome_spot_cube_2HOME SPOT CUBE2
CWE ID-CWE-287
Improper Authentication
CVE-2021-1600
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.3||HIGH
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 15:20
Updated-07 Nov, 2024 | 22:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-intersight_virtual_applianceCisco Intersight Virtual Appliance
CWE ID-CWE-284
Improper Access Control
CVE-2020-8709
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:52
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-5536
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 01:35
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors.

Action-Not Available
Vendor-plathomePlat'Home Co.,Ltd.
Product-openblocks_iot_vx2openblocks_iot_vx2_firmwareOpenBlocks IoT VX2
CWE ID-CWE-287
Improper Authentication
CVE-2020-35785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found