Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-38555

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-26 Jul, 2023 | 07:43
Updated At-14 Nov, 2024 | 15:00
Rejected At-
Credits

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:26 Jul, 2023 | 07:43
Updated At:14 Nov, 2024 | 15:00
Rejected At:
▼CVE Numbering Authority (CNA)

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

Affected Products
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R 30B
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R 130B
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R 90brin
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R570B
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R370B
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R220D
Versions
Affected
  • All versions
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G100
Versions
Affected
  • V02.54 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G200
Versions
Affected
  • V02.54 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G100B
Versions
Affected
  • V04.12 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G110B
Versions
Affected
  • V04.12 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G200B
Versions
Affected
  • V04.12 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G210
Versions
Affected
  • V20.52 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G211
Versions
Affected
  • V20.52 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G120
Versions
Affected
  • V20.52 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
Si-R G121
Versions
Affected
  • V20.52 and earlier
Vendor
Fujitsu LimitedFujitsu Limited
Product
SR-M 50AP1
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
textN/AAuthentication bypass
Type: text
CWE ID: N/A
Description: Authentication bypass
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/
N/A
https://jvn.jp/en/vu/JVNVU96643580/
N/A
Hyperlink: https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU96643580/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/
x_transferred
https://jvn.jp/en/vu/JVNVU96643580/
x_transferred
Hyperlink: https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/vu/JVNVU96643580/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:26 Jul, 2023 | 08:15
Updated At:03 Aug, 2023 | 15:10

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Fujitsu Limited
fujitsu
>>si-r_30b_firmware>>*
cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_30b>>-
cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_130b_firmware>>*
cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_130b>>-
cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_90brin_firmware>>*
cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_90brin>>-
cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r570b_firmware>>*
cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r570b>>-
cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r370b_firmware>>*
cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r370b>>-
cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r220d_firmware>>*
cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r220d>>-
cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g100_firmware>>Versions up to 02.54(inclusive)
cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g100>>-
cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g200_firmware>>Versions up to 02.54(inclusive)
cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g200>>-
cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g100b_firmware>>Versions up to 04.12(inclusive)
cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g100b>>-
cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g110b_firmware>>Versions up to 04.12(inclusive)
cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g110b>>-
cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g200b_firmware>>Versions up to 04.12(inclusive)
cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g200b>>-
cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g210_firmware>>Versions up to 20.52(inclusive)
cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g210>>-
cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g211_firmware>>Versions up to 20.52(inclusive)
cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g211>>-
cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g120_firmware>>Versions up to 20.52(inclusive)
cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g120>>-
cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g121_firmware>>Versions up to 20.52(inclusive)
cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>si-r_g121>>-
cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sr-m_50ap1_firmware>>*
cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sr-m_50ap1>>-
cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/vu/JVNVU96643580/vultures@jpcert.or.jp
Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/vultures@jpcert.or.jp
Vendor Advisory
Hyperlink: https://jvn.jp/en/vu/JVNVU96643580/
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
Hyperlink: https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2022-22990
Matching Score-4
Assigner-Western Digital
ShareView Details
Matching Score-4
Assigner-Western Digital
CVSS Score-7.8||HIGH
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Limited authentication bypass vulnerability on Western Digital My Cloud devices

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

Action-Not Available
Vendor-Western Digital Corp.
Product-my_cloud_dl2100wd_cloudmy_cloudmy_cloud_ex4100my_cloud_ex2_ultramy_cloud_osmy_cloud_mirror_gen_2my_cloud_pr2100my_cloud_dl4100my_cloud_ex2100my_cloud_pr4100My Cloud
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-697
Incorrect Comparison
CVE-2020-8350
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_stack_wireless_routerthinkpad_stack_wireless_router_firmwareThinkPad Stack WIreless Router firmware
CWE ID-CWE-287
Improper Authentication
CVE-2020-15059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.17%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 21:22
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Action-Not Available
Vendor-lindy-internationaln/a
Product-42633_firmware42633n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-15063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.17%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 21:26
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Action-Not Available
Vendor-digitusn/a
Product-da-70254_firmwareda-70254n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-15055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.17%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 21:16
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-ps310u_firmwaretl-ps310un/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-35231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 18:14
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs516pe_firmwaregs116e_firmwaregs116ejgs516pen/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-18720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-27865
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-23.50% / 95.76%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 23:35
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1860dap-1860_firmwareDAP-1860
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2017-18772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarewnr2000_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarewnr2000r8000_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.34%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2017-18733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarer6400_firmwarer7100lgd6400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer6250n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-25183
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:18
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Medtronic MyCareLink Smart Improper Authentication

Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass. This vulnerability enables an attacker to use another mobile device or malicious application on the patient’s smartphone to authenticate to the patient’s Medtronic Smart Reader, fooling the device into believing it is communicating with the original Medtronic smart phone application when executed within range of Bluetooth communication.

Action-Not Available
Vendor-medtronicMedtronic
Product-mycarelink_smart_model_25000_firmwaremycarelink_smart_model_25000Smart Model 25000 Patient Reader
CWE ID-CWE-287
Improper Authentication
CVE-2017-18732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.11%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-plw1000_firmwareplw1010plw1010_firmwarer6300r6300_firmwareplw1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-28727
Matching Score-4
Assigner-Panasonic Holdings Corporation
ShareView Details
Matching Score-4
Assigner-Panasonic Holdings Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.01% / 0.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 06:30
Updated-12 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.

Action-Not Available
Vendor-panasonicPanasonic
Product-aiseg2aiseg2_firmwareAiSEG2
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2019-7226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 15:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

Action-Not Available
Vendor-n/aABB
Product-pb610_panel_builder_600pb610_panel_builder_600_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-37284
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.69%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 09:24
Updated-26 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-archer_c20archer_c20_firmwareArcher C20archer_c20_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2024-6235
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-9.4||CRITICAL
EPSS-85.78% / 99.33%
||
7 Day CHG+1.39%
Published-10 Jul, 2024 | 19:07
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information disclosure

Sensitive information disclosure in NetScaler Console

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_consoleNetScaler Consolenetscaler_console
CWE ID-CWE-287
Improper Authentication
CVE-2024-6174
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.15%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 09:15
Updated-26 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Action-Not Available
Vendor-Canonical Ltd.
Product-cloud-initcloud-init
CWE ID-CWE-287
Improper Authentication
CVE-2022-40966
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN firmware Ver. 1.87 and earlier, WPL-05G300 firmware Ver. 1.88 and earlier, WRM-D2133HP firmware Ver. 2.85 and earlier, WRM-D2133HS firmware Ver. 2.96 and earlier, WTR-M2133HP firmware Ver. 2.85 and earlier, WTR-M2133HS firmware Ver. 2.96 and earlier, WXR-1900DHP firmware Ver. 2.50 and earlier, WXR-1900DHP2 firmware Ver. 2.59 and earlier, WXR-1900DHP3 firmware Ver. 2.63 and earlier, WXR-5950AX12 firmware Ver. 3.40 and earlier, WXR-6000AX12B firmware Ver. 3.40 and earlier, WXR-6000AX12S firmware Ver. 3.40 and earlier, WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600DHP firmware Ver. 2.00 and earlier, WZR-900DHP firmware Ver. 1.15 and earlier, WZR-1750DHP2 firmware Ver. 2.31 and earlier, WZR-HP-AG300H firmware Ver. 1.76 and earlier, WZR-HP-G302H firmware Ver. 1.86 and earlier, WEM-1266 firmware Ver. 2.85 and earlier, WEM-1266WP firmware Ver. 2.85 and earlier, WLAE-AG300N firmware Ver. 1.86 and earlier, FS-600DHP firmware Ver. 3.40 and earlier, FS-G300N firmware Ver. 3.14 and earlier, FS-HP-G300N firmware Ver. 3.33 and earlier, FS-R600DHP firmware Ver. 3.40 and earlier, BHR-4GRV firmware Ver. 2.00 and earlier, DWR-HP-G300NH firmware Ver. 1.84 and earlier, DWR-PG firmware Ver. 1.83 and earlier, HW-450HP-ZWE firmware Ver. 2.00 and earlier, WER-A54G54 firmware Ver. 1.43 and earlier, WER-AG54 firmware Ver. 1.43 and earlier, WER-AM54G54 firmware Ver. 1.43 and earlier, WER-AMG54 firmware Ver. 1.43 and earlier, WHR-300 firmware Ver. 2.00 and earlier, WHR-300HP firmware Ver. 2.00 and earlier, WHR-AM54G54 firmware Ver. 1.43 and earlier, WHR-AMG54 firmware Ver. 1.43 and earlier, WHR-AMPG firmware Ver. 1.52 and earlier, WHR-G firmware Ver. 1.49 and earlier, WHR-G300N firmware Ver. 1.65 and earlier, WHR-G301N firmware Ver. 1.87 and earlier, WHR-G54S firmware Ver. 1.43 and earlier, WHR-G54S-NI firmware Ver. 1.24 and earlier, WHR-HP-AMPG firmware Ver. 1.43 and earlier, WHR-HP-G firmware Ver. 1.49 and earlier, WHR-HP-G54 firmware Ver. 1.43 and earlier, WLI-H4-D600 firmware Ver. 1.88 and earlier, WS024BF firmware Ver. 1.60 and earlier, WS024BF-NW firmware Ver. 1.60 and earlier, WXR-1750DHP firmware Ver. 2.60 and earlier, WXR-1750DHP2 firmware Ver. 2.60 and earlier, WZR-1166DHP firmware Ver. 2.18 and earlier, WZR-1166DHP2 firmware Ver. 2.18 and earlier, WZR-1750DHP firmware Ver. 2.30 and earlier, WZR2-G300N firmware Ver. 1.55 and earlier, WZR-450HP-CWT firmware Ver. 2.00 and earlier, WZR-450HP-UB firmware Ver. 2.00 and earlier, WZR-600DHP2 firmware Ver. 1.15 and earlier, WZR-600DHP3 firmware Ver. 2.19 and earlier, WZR-900DHP2 firmware Ver. 2.19 and earlier, WZR-AGL300NH firmware Ver. 1.55 and earlier, WZR-AMPG144NH firmware Ver. 1.49 and earlier, WZR-AMPG300NH firmware Ver. 1.51 and earlier, WZR-D1100H firmware Ver. 2.00 and earlier, WZR-G144N firmware Ver. 1.48 and earlier, WZR-G144NH firmware Ver. 1.48 and earlier, WZR-HP-G300NH firmware Ver. 1.84 and earlier, WZR-HP-G301NH firmware Ver. 1.84 and earlier, WZR-HP-G450H firmware Ver. 1.90 and earlier, WZR-S1750DHP firmware Ver. 2.32 and earlier, WZR-S600DHP firmware Ver. 2.19 and earlier, and WZR-S900DHP firmware Ver. 2.19 and earlier.

Action-Not Available
Vendor-BUFFALO INC.
Product-wer-a54g54wtr-m2133hs_firmwarewer-ag54wer-ag54_firmwarewtr-m2133hsws024bf-nwwzr-hp-g302h_firmwarewlae-ag300nwzr-hp-g450hwzr-300hp_firmwarewhr-ampgwxr-1750dhp2_firmwarehw-450hp-zwewzr-hp-g450h_firmwarewpl-05g300wxr-6000ax12bwem-1266_firmwarewzr-s900dhp_firmwarewer-amg54wzr-ampg144nhwhr-g54swem-1266wp_firmwarefs-600dhp_firmwarewhr-g54s_firmwarewxr-6000ax12b_firmwarewrm-d2133hs_firmwarews024bf_firmwaredwr-pgwzr-450hp-ub_firmwarewhr-g_firmwarefs-g300nwzr-300hpwrm-d2133hswhr-hp-g54wrm-d2133hp_firmwarewhr-hp-g54_firmwarewzr-s1750dhp_firmwarewzr-1750dhp2wcr-300_firmwarewhr-hp-g_firmwarewhr-hp-ampgwhr-300hp_firmwarewzr-s900dhpwzr-g144ndwr-hp-g300nh_firmwarewzr-450hp_firmwarebhr-4grvwzr-1166dhpwzr-g144n_firmwarewzr-600dhpwhr-am54g54_firmwarewhr-hp-g300n_firmwarewhr-amg54ws024bf-nw_firmwarewlae-ag300n_firmwaredwr-pg_firmwarewzr-600dhp2wzr-s1750dhpwhr-hp-ampg_firmwarewli-h4-d600wzr-600dhp3_firmwarewer-amg54_firmwarewzr-900dhp2_firmwarewzr-g144nh_firmwarewxr-1750dhp_firmwarewhr-hp-g300nwzr-600dhp3wzr-450hp-cwt_firmwarewzr2-g300n_firmwarehw-450hp-zwe_firmwarewxr-1900dhp3_firmwarewzr-450hp-cwtwcr-300whr-g301n_firmwarewzr-900dhpwzr-900dhp_firmwarewzr-ampg144nh_firmwarewzr-hp-g301nhwhr-300_firmwarewhr-gwhr-hp-gn_firmwarewzr-g144nhwhr-g300n_firmwarewzr-s600dhp_firmwarefs-600dhpwhr-g301nwzr-600dhp2_firmwarewzr-450hpwhr-am54g54wzr-s600dhpwem-1266whr-amg54_firmwarewzr-ampg300nhwzr-1750dhp_firmwarewer-a54g54_firmwarewhr-g54s-niwzr2-g300nwhr-g300nfs-r600dhpwxr-6000ax12s_firmwarewtr-m2133hp_firmwarewtr-m2133hpwzr-1750dhp2_firmwarewxr-1750dhpwhr-g54s-ni_firmwarewhr-hp-gnwzr-1166dhp2_firmwarewzr-hp-g302hwzr-agl300nhfs-r600dhp_firmwarewxr-1900dhp2ws024bfwxr-5950ax12_firmwarewzr-450hp-ubwli-h4-d600_firmwaredwr-hp-g300nhwzr-agl300nh_firmwarewxr-1900dhp3wzr-1166dhp_firmwarewxr-1900dhp_firmwarewzr-hp-g300nhfs-hp-g300nwzr-hp-g301nh_firmwarewzr-1166dhp2wzr-1750dhpwxr-1750dhp2wzr-ampg300nh_firmwarewzr-d1100hwhr-300hpwpl-05g300_firmwarewxr-5950ax12wer-am54g54_firmwarewem-1266wpwhr-hp-gfs-g300n_firmwarewzr-hp-ag300hwzr-hp-ag300h_firmwarewxr-1900dhpwrm-d2133hpfs-hp-g300n_firmwarewxr-1900dhp2_firmwarewzr-900dhp2wzr-hp-g300nh_firmwarewxr-6000ax12swzr-600dhp_firmwarewhr-300whr-ampg_firmwarewer-am54g54wzr-d1100h_firmwarebhr-4grv_firmwareBuffalo network devices
CWE ID-CWE-287
Improper Authentication
CVE-2024-46434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 00:00
Updated-25 Mar, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w18e_firmwarew18en/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 07:05
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-26637
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.93% / 75.17%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:55
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiHAS Improper Authentication vulnerability

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

Action-Not Available
Vendor-shinasysShina System Co.,Ltd
Product-sihas_sgw-300sihas_acm-300sihas_sgw-300_firmwaresihas_gcm-300sihas_gcm-300_firmwaresihas_acm-300_firmwareSiHAS firmwareSiHAS old app
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-8709
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:52
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-5536
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.25%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 01:35
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors.

Action-Not Available
Vendor-plathomePlat'Home Co.,Ltd.
Product-openblocks_iot_vx2openblocks_iot_vx2_firmwareOpenBlocks IoT VX2
CWE ID-CWE-287
Improper Authentication
CVE-2020-35785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found