Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-15055

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Aug, 2020 | 21:16
Updated At-04 Aug, 2024 | 13:08
Rejected At-
Credits

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Aug, 2020 | 21:16
Updated At:04 Aug, 2024 | 13:08
Rejected At:
▼CVE Numbering Authority (CNA)

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
x_refsource_MISC
Hyperlink: https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
x_refsource_MISC
x_transferred
Hyperlink: https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Aug, 2020 | 22:15
Updated At:09 Aug, 2020 | 20:18

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.08.3HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.3
Base severity: HIGH
Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
TP-Link Systems Inc.
tp-link
>>tl-ps310u_firmware>>Versions before 2.079.000.t0210(exclusive)
cpe:2.3:o:tp-link:tl-ps310u_firmware:*:*:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tl-ps310u>>-
cpe:2.3:h:tp-link:tl-ps310u:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/cve@mitre.org
Broken Link
Third Party Advisory
Hyperlink: https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2017-18720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-27865
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-23.50% / 95.76%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1860dap-1860_firmwareDAP-1860
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2017-18772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.34%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2017-18733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-25183
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:18
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic MyCareLink Smart Improper Authentication

Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass. This vulnerability enables an attacker to use another mobile device or malicious application on the patient’s smartphone to authenticate to the patient’s Medtronic Smart Reader, fooling the device into believing it is communicating with the original Medtronic smart phone application when executed within range of Bluetooth communication.

Action-Not Available
Vendor-medtronicMedtronic
Product-mycarelink_smart_model_25000_firmwaremycarelink_smart_model_25000Smart Model 25000 Patient Reader
CWE ID-CWE-287
Improper Authentication
CVE-2017-18732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.11%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-28727
Matching Score-4
Assigner-Panasonic Holdings Corporation
ShareView Details
Matching Score-4
Assigner-Panasonic Holdings Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.01% / 0.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 06:30
Updated-12 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.

Action-Not Available
Vendor-panasonicPanasonic
Product-aiseg2aiseg2_firmwareAiSEG2
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2019-7226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 15:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

Action-Not Available
Vendor-n/aABB
Product-pb610_panel_builder_600pb610_panel_builder_600_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-6235
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-9.4||CRITICAL
EPSS-85.78% / 99.33%
||
7 Day CHG+1.39%
Published-10 Jul, 2024 | 19:07
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information disclosure

Sensitive information disclosure in NetScaler Console

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_consoleNetScaler Consolenetscaler_console
CWE ID-CWE-287
Improper Authentication
CVE-2024-6174
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.15%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 09:15
Updated-26 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Action-Not Available
Vendor-Canonical Ltd.
Product-cloud-initcloud-init
CWE ID-CWE-287
Improper Authentication
CVE-2022-40966
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.

Action-Not Available
Vendor-BUFFALO INC.
Product-wer-a54g54wtr-m2133hs_firmwarewer-ag54wer-ag54_firmwarewtr-m2133hsws024bf-nwwzr-hp-g302h_firmwarewlae-ag300nwzr-hp-g450hwzr-300hp_firmwarewhr-ampgwxr-1750dhp2_firmwarehw-450hp-zwewzr-hp-g450h_firmwarewpl-05g300wxr-6000ax12bwem-1266_firmwarewzr-s900dhp_firmwarewer-amg54wzr-ampg144nhwhr-g54swem-1266wp_firmwarefs-600dhp_firmwarewhr-g54s_firmwarewxr-6000ax12b_firmwarewrm-d2133hs_firmwarews024bf_firmwaredwr-pgwzr-450hp-ub_firmwarewhr-g_firmwarefs-g300nwzr-300hpwrm-d2133hswhr-hp-g54wrm-d2133hp_firmwarewhr-hp-g54_firmwarewzr-s1750dhp_firmwarewzr-1750dhp2wcr-300_firmwarewhr-hp-g_firmwarewhr-hp-ampgwhr-300hp_firmwarewzr-s900dhpwzr-g144ndwr-hp-g300nh_firmwarewzr-450hp_firmwarebhr-4grvwzr-1166dhpwzr-g144n_firmwarewzr-600dhpwhr-am54g54_firmwarewhr-hp-g300n_firmwarewhr-amg54ws024bf-nw_firmwarewlae-ag300n_firmwaredwr-pg_firmwarewzr-600dhp2wzr-s1750dhpwhr-hp-ampg_firmwarewli-h4-d600wzr-600dhp3_firmwarewer-amg54_firmwarewzr-900dhp2_firmwarewzr-g144nh_firmwarewxr-1750dhp_firmwarewhr-hp-g300nwzr-600dhp3wzr-450hp-cwt_firmwarewzr2-g300n_firmwarehw-450hp-zwe_firmwarewxr-1900dhp3_firmwarewzr-450hp-cwtwcr-300whr-g301n_firmwarewzr-900dhpwzr-900dhp_firmwarewzr-ampg144nh_firmwarewzr-hp-g301nhwhr-300_firmwarewhr-gwhr-hp-gn_firmwarewzr-g144nhwhr-g300n_firmwarewzr-s600dhp_firmwarefs-600dhpwhr-g301nwzr-600dhp2_firmwarewzr-450hpwhr-am54g54wzr-s600dhpwem-1266whr-amg54_firmwarewzr-ampg300nhwzr-1750dhp_firmwarewer-a54g54_firmwarewhr-g54s-niwzr2-g300nwhr-g300nfs-r600dhpwxr-6000ax12s_firmwarewtr-m2133hp_firmwarewtr-m2133hpwzr-1750dhp2_firmwarewxr-1750dhpwhr-g54s-ni_firmwarewhr-hp-gnwzr-1166dhp2_firmwarewzr-hp-g302hwzr-agl300nhfs-r600dhp_firmwarewxr-1900dhp2ws024bfwxr-5950ax12_firmwarewzr-450hp-ubwli-h4-d600_firmwaredwr-hp-g300nhwzr-agl300nh_firmwarewxr-1900dhp3wzr-1166dhp_firmwarewxr-1900dhp_firmwarewzr-hp-g300nhfs-hp-g300nwzr-hp-g301nh_firmwarewzr-1166dhp2wzr-1750dhpwxr-1750dhp2wzr-ampg300nh_firmwarewzr-d1100hwhr-300hpwpl-05g300_firmwarewxr-5950ax12wer-am54g54_firmwarewem-1266wpwhr-hp-gfs-g300n_firmwarewzr-hp-ag300hwzr-hp-ag300h_firmwarewxr-1900dhpwrm-d2133hpfs-hp-g300n_firmwarewxr-1900dhp2_firmwarewzr-900dhp2wzr-hp-g300nh_firmwarewxr-6000ax12swzr-600dhp_firmwarewhr-300whr-ampg_firmwarewer-am54g54wzr-d1100h_firmwarebhr-4grv_firmwareBuffalo network devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-46434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 00:00
Updated-25 Mar, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w18e_firmwarew18en/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 07:05
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-26637
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.93% / 75.17%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:55
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiHAS Improper Authentication vulnerability

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

Action-Not Available
Vendor-shinasysShina System Co.,Ltd
Product-sihas_sgw-300sihas_acm-300sihas_sgw-300_firmwaresihas_gcm-300sihas_gcm-300_firmwaresihas_acm-300_firmwareSiHAS firmwareSiHAS old app
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22943
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.6||CRITICAL
EPSS-0.12% / 30.99%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 16:53
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-unifi_protectUniFi Protect application
CWE ID-CWE-287
Improper Authentication
CVE-2017-2186
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-home_spot_cube_2_firmwarehome_spot_cube_2HOME SPOT CUBE2
CWE ID-CWE-287
Improper Authentication
CVE-2020-8709
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:52
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-5536
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 01:35
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors.

Action-Not Available
Vendor-plathomePlat'Home Co.,Ltd.
Product-openblocks_iot_vx2openblocks_iot_vx2_firmwareOpenBlocks IoT VX2
CWE ID-CWE-287
Improper Authentication
CVE-2020-35785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found