Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-48773

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Oct, 2024 | 00:00
Updated At-15 Oct, 2024 | 20:07
Rejected At-
Credits

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Oct, 2024 | 00:00
Updated At:15 Oct, 2024 | 20:07
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://comchenyumorepro.com
N/A
http://wo-smart.com/
N/A
https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.chenyu.morepro/com.chenyu.morepro.md
N/A
Hyperlink: http://comchenyumorepro.com
Resource: N/A
Hyperlink: http://wo-smart.com/
Resource: N/A
Hyperlink: https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.chenyu.morepro/com.chenyu.morepro.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
wo-smart
Product
morepro_firmware
CPEs
  • cpe:2.3:o:wo-smart:morepro_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 7.2.3
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Oct, 2024 | 20:15
Updated At:15 Oct, 2024 | 20:35

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-306
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://comchenyumorepro.comcve@mitre.org
N/A
http://wo-smart.com/cve@mitre.org
N/A
https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.chenyu.morepro/com.chenyu.morepro.mdcve@mitre.org
N/A
Hyperlink: http://comchenyumorepro.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wo-smart.com/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.chenyu.morepro/com.chenyu.morepro.md
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

179Records found
CVE-2023-26570
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 08:38
Updated-15 Oct, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-26574
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 08:51
Updated-15 Oct, 2024 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Action-Not Available
Vendor-idattendIDAttend Pty Ltd
Product-idwebIDWeb
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18230
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.77%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 21:15
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-hcd8g_firmwarehdz302din-s1_firmwareh4d8pr1h3w4gr1_firmwarehm4l8gr1h3w2gr2hcw4g_firmwarehcw2g_firmwareh3w4gr1h4lggr2hbw4gr1_firmwareh2w2gr1_firmwareh4l6gr2hmbl8gr1hdzp304di_firmwareh3w2gr1v_firmwarehdzp252dihdz302din_firmwareh4w4gr1vhpw2p1h4w4gr1hbw2gr1hdz302deh3w2gr2_firmwareh4l2gr1vhbl6gr2h4l6gr2_firmwarehdz302liwhfd6gr1_firmwarehdz302lik_firmwarehcw4ghbw2gr3_firmwarehdz302de_firmwareh3w2gr1h3w4gr1vhbw4gr1vh2w2gr1hcw2gvhbl2gr1vh3w4gr1v_firmwarehdz302dhbd8gr1_firmwareh4w2gr1_firmwareh4w4gr1v_firmwarehbw2gr3hdzp304dih4w2gr2hbl6gr2_firmwarehfd6gr1hdz302likhmbl8gr1_firmwarehdzp252di_firmwarehcw2gh4l2gr1hbl2gr1hdz302d_firmwarehcw2gv_firmwarehcd8ghm4l8gr1_firmwareh4w2gr2_firmwareh4l2gr1v_firmwareh4d8gr1h4w2gr1v_firmwareh4w2gr1vh4w2gr1hfd5pr1_firmwarehbd8gr1h4d8pr1_firmwareh4lggr2_firmwarehbw4gr1h3w2gr1vhdz302din-c1hpw2p1_firmwarehbw2gr1vhbw2gr3vhbl2gr1_firmwarehdz302din-s1hbw2gr1v_firmwareh3w2gr1_firmwarehbw2gr1_firmwarehbw2gr3v_firmwareh4w4gr1_firmwareh4l2gr1_firmwarehcl2gv_firmwarehfd8gr1_firmwarehbw4gr1v_firmwarehfd8gr1hdz302din-c1_firmwarehdz302liw_firmwarehbl2gr1v_firmwarehdz302dinhcl2gvhcl2g_firmwareh4d8gr1_firmwarehcl2ghfd5pr1Honeywell equIP & Performance series IP cameras
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-17511
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.37% / 88.53%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 15:01
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-412_firmwaredir-412n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-16906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 21:36
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user.

Action-Not Available
Vendor-infosystan/a
Product-in-app_\&_desktop_notificationsn/a
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-31793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 16:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the /snapshot URI.

Action-Not Available
Vendor-nightowlspn/a
Product-wdb-20wdb-20_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-37062
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.62%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 17:05
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.

Action-Not Available
Vendor-flirn/a
Product-flir_ax8_firmwareflir_ax8n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-15654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 17:18
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

Action-Not Available
Vendor-comban/a
Product-ac2400_firmwareac2400n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-14927
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.71% / 94.67%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 12:08
Updated-10 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Action-Not Available
Vendor-inean/aMitsubishi Electric Corporation
Product-me-rtu_firmwaresmartrtusmartrtu_firmwareme-rtun/a
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-15655
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.31% / 79.01%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 17:19
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2875aldsl-2875al_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-0355
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.44%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 07:23
Updated-21 Jan, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.

Action-Not Available
Vendor-NEC Corporation
Product-WX4200D5WX3000HPWG1200CRWF1200CRWG2600HM4WG2600HS2GB1200PEWG2600HSWG2600HP4
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-13194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.95%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 18:38
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.

Action-Not Available
Vendor-n/aBrother Industries, Ltd.
Product-mfc-j895dwmfc-l6900dwhl-l6450dwhl-l6400dwtads-2800wdcp-1617nwmfc-l2720dn\(jpn\)mfc-j497dwdcp-t710w\(chn\)_firmwaremfc-j1500n\(jpn\)mfc-j5335dwmfc-l2740dwr_firmwaremfc-l2750dw_firmwaremfc-l3770cdw_firmwaredcp-7195dw_firmwaremfc-l2705dwmfc-j893n_firmwaredcp-1623wr_firmwaremfc-l6900dwx_firmwaredcp-l8410cdw_firmwaremfc-9350cdwmfc-j998dn_firmwarehl-l8260cdndcp-l2560dwrdcp-j982n-bmfc-l5702dw_firmwarehl-l2370dnhl-l2350dw_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-l9570cdw_firmwarehl-l3230cdwhl-b2050dnhl-1211w_firmwaredcp-j572dwdcp-j577ndcp-j973n-wmfc-l2720dwr_firmwaredcp-l2531dw_firmwaremfc-j998dwn_firmwaredcp-l2520dw_firmwaremfc-l2707dwmfc-l9570cdwdcp-j978n-b_firmwaredcp-t710w_firmwaredcp-l2540dw\(jpn\)dcp-1610wvbmfc-l5802dwmfc-9350cdw_firmwaremfc-8530dnmfc-l2705dw_firmwaremfc-1910wmfc-1916nwmfc-j1300dwmfc-l2712dn_firmwaremfc-l3730cdn_firmwaremfc-j995dwmfc-9150cdndcp-l3551cdw_firmwarehl-l8360cdwtmfc-1911wdcp-l6600dwdcp-l2541dw_firmwaremfc-j805dw_xl_firmwaremfc-j6535dwmfc-l2701dwdcp-j982n-w_firmwaredcp-b7535dwmfc-j6947dw_firmwaremfc-l5700dw_firmwaredcp-l5500dnhl-1210wvb_firmwarehl-l9310cdwmfc-l2717dw_firmwarehl-l2395dw_firmwaremfc-l8610cdwmfc-j5730dw_firmwaremfc-l8900cdwmfc-l2685dw_firmwarehl-l6200dwt_firmwaredcp-j772dwhl-l2370dn_firmwaremfc-l2712dwdcp-1610wvb_firmwarehl-j6000cdw\(jpn\)_firmwarehl-l8360cdwt_firmwareads-3000nmfc-j5845dw_xl_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j805dw_firmwaredcp-b7530dndcp-l5650dnmfc-t810w\(chn\)dcp-l8410cdwdcp-1616nwmfc-8540dn_firmwaremfc-l2710dw_firmwaremfc-l5802dw_firmwarehl-l2375dw_firmwarehl-1210wvbmfc-l2713dw_firmwaremfc-l5902dwdcp-l5502dnhl-l2366dw_firmwarehl-1210wr_firmwarehl-l3270cdwdcp-l5600dn_firmwareads-2400n_firmwaremfc-l2720dwrhl-l2375dwhl-l5202dw_firmwaredcp-1610we_firmwaremfc-l2700dw\(oce\)_firmwaremfc-j995dw_xlhl-l8360cdwmfc-j491dwhl-l2385dwmfc-1912wrmfc-l2750dw\(jpn\)_firmwarehl-l6200dwtdcp-1610wrdcp-l3510cdwmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j3530dwads-2800w_firmwaremfc-j6930dw_firmwaremfc-l6702dw_firmwaremfc-l2715dw\(twn\)hl-l5100dnthl-1210w_firmwaremfc-j1500n\(jpn\)_firmwarehl-b2050dn_firmwaredcp-l3550cdw_firmwaremfc-t910dw_firmwaredcp-l2532dw_firmwaremfc-l8610cdw\(jpn\)_firmwaredcp-b7530dn_firmwaremfc-l5755dw_firmwaremfc-l2700dwmfc-l6900dw_firmwaremfc-l5900dw_firmwaredcp-l5652dndcp-l2520dwmfc-l2700dw\(oce\)mfc-l2700dw_firmwarehl-1218whl-l3210cwdcp-l2520dwr_firmwaremfc-j6730dw_firmwarefax-l2700dn\(jpn\)mfc-l2717dwdcp-1618w_firmwaredcp-l2550dn_firmwaredcp-l2541dwhl-l2365dwrmfc-j6530dwdcp-1615nwdcp-7180dn_firmwaremfc-l5850dw_firmwaremfc-l6950dw_firmwarehl-b2080dwmfc-l2680whl-l2360dw_firmwareads-3600w_firmwarefax-l2710dn\(jpn\)_firmwaremfc-j5330dwmfc-l5800dw_firmwarehl-l3290cdwmfc-l2750dwxl_firmwaredcp-1615nw_firmwaremfc-j5335dw_firmwaremfc-l6950dwhl-l8260cdn_firmwaremfc-l2730dwhl-l6400dwxhl-l6250dw_firmwaredcp-1617nw_firmwarehl-l2340dwrmfc-7895dw_firmwaremfc-l2740dw\(jpn\)mfc-1911nw_firmwarehl-l6300dw_firmwaredcp-l3550cdwhl-l2305w_firmwaredcp-1612wemfc-l5700dwmfc-j6535dw_firmwaredcp-j774dwhl-l6200dwmfc-j998dwndcp-j572n_firmwaredcp-l2550dwmfc-l6902dwmfc-7880dn_firmwaremfc-j5845dw_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaremfc-j738dwn_firmwarehl-l2380dwmfc-l6750dw_firmwaremfc-l9570cdw\(jpn\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-l2770dw_firmwarehl-l2395dwdcp-l2551dndcp-l2532dwdcp-l3551cdwmfc-l6900dw\(jpn\)mfc-l3730cdnhl-l3210cw_firmwaredcp-j988n\(jpn\)mfc-l2740dw\(jpn\)_firmwaremfc-j903nmfc-l6900dw\(jpn\)_firmwaremfc-l5750dwdcp-l3517cdwmfc-1911w_firmwaremfc-j497dw_firmwarehl-j6000dwhl-j6000dw_firmwaremfc-l6902dw_firmwaremfc-j995dw_firmwaremfc-j6945dwmfc-j5630cdwhl-1212wr_firmwaremfc-l2740dwrmfc-t910dwmfc-j6947dwmfc-l2712dnmfc-j6935dw_firmwaremfc-l2713dwmfc-l6702dwmfc-l3735cdnmfc-l5755dw\(jpn\)_firmwarehl-3190cdw_firmwaremfc-j6530dw_firmwarehl-l2361dnmfc-j5845dwhl-l2366dwdcp-j774dw_firmwaremfc-j6997cdw\(jpn\)_firmwaremfc-j6999cdw\(jpn\)hl-l6202dw_firmwaremfc-8540dnhl-l8260cdw_firmwaremfc-t4500dwmfc-j738dnmfc-l2700dwr_firmwaredcp-b7520dwmfc-j5930dw_firmwarehl-3160cdw_firmwarehl-l6200dw_firmwaremfc-l2720dwdcp-7180dnmfc-j2330dwhl-5590dnmfc-l8610cdw_firmwaremfc-j690dwmfc-l6900dwgmfc-l2716dwhl-l5200dw_firmwaremfc-9150cdn_firmwaremfc-l2710dnmfc-7880dnhl-l6400dwgmfc-l2771dw_firmwarehl-1223wedcp-l5650dn_firmwaremfc-1919nw_firmwareads-3000n_firmwaremfc-l6700dw_firmwaredcp-9030cdn_firmwaredcp-l2520dwrdcp-j972nmfc-j6999cdw\(jpn\)_firmwaredcp-1612we_firmwaredcp-j973n-b_firmwaremfc-j6980cdw\(jpn\)_firmwaremfc-j898nmfc-j6545dw_firmwaremfc-l2750dw\(jpn\)dcp-l2530dw_firmwaremfc-1910wedcp-l5500dn_firmwaremfc-j805dwmfc-j895dw_firmwarehl-1222wemfc-j898n_firmwaredcp-l2540dnr_firmwarehl-l3230cdnhl-1218w_firmwaredcp-7195dwhl-l6250dn_firmwaredcp-l2551dwhl-l2340dwr_firmwaremfc-1911nwads-3600whl-l2360dnrdcp-l2560dw_firmwaremfc-j1300dw_firmwaremfc-l2710dwhl-2560dndcp-j981n_firmwaremfc-b7715dw_firmwaremfc-l3710cw_firmwarehl-l6402dw_firmwaredcp-l2551dw_firmwaremfc-l2712dw_firmwaremfc-j995dw_xl_firmwaredcp-l2537dw_firmwaremfc-l2732dwmfc-l2750dwhl-l2315dwmfc-l2685dwmfc-l5702dwdcp-l2537dwmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-l6800dwdcp-l2535dwdcp-l2550dw_firmwarehl-l2352dw_firmwaredcp-j582n_firmwaredcp-l5602dn_firmwaremfc-t4500dw_firmwarehl-2595dw_firmwaremfc-t810whl-l2340dwmfc-j2330dw_firmwarehl-1222we_firmwaremfc-j6580cdw\(jpn\)dcp-1612wr_firmwarehl-l5100dn_firmwaremfc-j5730dwmfc-l6700dwdcp-t510wmfc-j6983cdwhl-l2365dwdcp-j982n-b_firmwaremfc-l6750dwdcp-j978n-wmfc-j6583cdwdcp-l2550dndcp-l2560dwr_firmwaredcp-j988n\(jpn\)_firmwarehl-l2386dw_firmwaremfc-b7720dnhl-l2372dnmfc-l3735cdn_firmwarehl-3160cdwmfc-l6800dw_firmwarehl-l3230cdn_firmwarehl-l2376dwhl-t4000dw_firmwaremfc-l2701dw_firmwaredcp-b7535dw_firmwaredcp-l6600dw_firmwaremfc-1915w_firmwaremfc-l2680w_firmwaremfc-l2732dw_firmwarehl-1212w_firmwaredcp-l2531dwdcp-t510w\(chn\)dcp-l2530dwmfc-j738dwnmfc-j6545dw_xl_firmwaremfc-l6970dwmfc-j738dn_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaremfc-l5902dw_firmwaremfc-l2716dw_firmwaremfc-l5800dwmfc-j815dw_xlmfc-j5630cdw_firmwaredcp-l3517cdw_firmwaredcp-j973n-bmfc-l3770cdwdcp-l5602dnmfc-l5750dw_firmwarehl-1212wvbmfc-l2730dw_firmwaredcp-j982n-wmfc-j5930dwfax-l2700dn\(jpn\)_firmwarehl-l2361dn_firmwarehl-l6400dwg_firmwaremfc-l9577cdwdcp-1612wrmfc-j805dw_xlmfc-l2720dn\(jpn\)_firmwaremfc-j6995cdw\(jpn\)_firmwaremfc-j6583cdw_firmwaremfc-j1605dn_firmwarehl-l6400dwdcp-l2535dw_firmwarehl-l6300dwdcp-1610wr_firmwaremfc-j491dw_firmwarehl-l5202dwdcp-j1100dwmfc-j6545dwdcp-l5600dndcp-j978n-bdcp-l3510cdw_firmwaremfc-l2703dw_firmwaremfc-l2730dn\(jpn\)hl-l5100dnmfc-j3930dwmfc-j3930dw_firmwaremfc-j6995cdw\(jpn\)mfc-j5830dwdcp-l2552dnmfc-j5945dw_firmwarehl-l2350dwhl-l3230cdw_firmwaredcp-l2540dwdcp-l2551dn_firmwaremfc-l5755dwmfc-j6930dwhl-l2340dw_firmwaredcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaremfc-j998dnhl-l6300dwt_firmwaremfc-l5850dwhl-j6100dwmfc-j6545dw_xldcp-j572nmfc-l3745cdw_firmwarehl-l2376dw_firmwaremfc-j5845dw_xldcp-1616nw_firmwarehl-l2360dnhl-l5200dwtmfc-l8610cdw\(jpn\)hl-l5595dnhl-t4000dwhl-l2371dnhl-l5200dwt_firmwarehl-l6402dwmfc-b7715dwdcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-t710wmfc-j6980cdw\(jpn\)hl-l2315dw_firmwaredcp-l2540dw\(jpn\)_firmwarehl-l5595dn_firmwarehl-l9310cdw_firmwarehl-l5102dwmfc-b7720dn_firmwarehl-l2365dwr_firmwaremfc-l3710cwhl-l6202dwmfc-l5700dnhl-l2370dw_firmwaremfc-l2770dwmfc-j6945dw_firmwarehl-1210wrmfc-l2750dwxlmfc-l5900dwhl-l2370dwdcp-1610whl-l5102dw_firmwaremfc-j2730dw_firmwarehl-1210wehl-l2305wdcp-l2540dn_firmwarehl-2560dn_firmwaredcp-l2550dw\(jpn\)_firmwarehl-j6100dw_firmwaremfc-j3530dw_firmwaremfc-j5830dw_firmwarehl-l2385dw_firmwarehl-l5200dwdcp-b7520dw_firmwaredcp-1612wmfc-j6983cdw_firmwaredcp-j582nhl-1210whl-l2386dwhl-1210we_firmwaremfc-j890dwmfc-j5945dwfax-l2710dn\(jpn\)mfc-1910w_firmwaremfc-j2730dwmfc-1910we_firmwarehl-l2371dn_firmwarehl-l2360dn_firmwaremfc-l2752dw_firmwarehl-l2351dw_firmwarehl-l2370dwxlmfc-l2751dwmfc-j1605dnhl-l6450dw_firmwaredcp-j973n-w_firmwaremfc-j6580cdw\(jpn\)_firmwaremfc-l2710dn_firmwarehl-1212wvb_firmwarehl-l2357dw_firmwaremfc-l6900dwg_firmwaremfc-l2703dwhl-l6400dwx_firmwarehl-l5100dnt_firmwarehl-3190cdwhl-l6400dwt_firmwaremfc-1915wmfc-l8690cdw_firmwaremfc-l3750cdw_firmwaremfc-l2730dn\(jpn\)_firmwaredcp-9030cdnmfc-l9577cdw_firmwarehl-l2390dw_firmwaremfc-l3750cdwhl-1212wdcp-t510w\(chn\)_firmwaremfc-t810w\(chn\)_firmwaremfc-8535dn_firmwaremfc-1919nwmfc-t810w_firmwarehl-l2370dwxl_firmwarehl-l8260cdwhl-j6000cdw\(jpn\)mfc-l2700dndcp-l2552dn_firmwaremfc-l2700dn_firmwaredcp-l5652dn_firmwaremfc-l2771dwdcp-1612w_firmwaremfc-l6970dw_firmwarehl-1211wmfc-l3745cdwmfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaredcp-j1100dw_firmwarehl-l6400dw_firmwaredcp-t710w\(chn\)dcp-j572dw_firmwarehl-2595dwhl-l2360dnr_firmwarehl-l2351dwmfc-l2715dw_firmwaremfc-j6730dwhl-5590dn_firmwaremfc-8535dnmfc-l5700dn_firmwareads-2400ndcp-1622wemfc-l9570cdw\(jpn\)mfc-l2740dwmfc-j815dw_xl_firmwarehl-b2080dw_firmwaremfc-l2700dnrmfc-l2751dw_firmwaremfc-j6997cdw\(jpn\)hl-l2372dn_firmwarehl-1212wemfc-l2700dnr_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-l2550dw\(jpn\)mfc-l2715dwmfc-l2752dwdcp-j981ndcp-1623wemfc-8530dn_firmwarehl-l6250dwmfc-7895dwmfc-j690dw_firmwaredcp-l5502dn_firmwarehl-l6300dwtmfc-l2700dwrdcp-1623we_firmwarehl-l3290cdw_firmwaremfc-l5755dw\(jpn\)hl-l6250dnhl-l2352dwhl-l2360dwhl-l2380dw_firmwaremfc-l2715dw\(twn\)_firmwaremfc-l6900dwxhl-l2390dwhl-l2357dwhl-l3270cdw_firmwarehl-1212wrn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-11020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.01%
||
7 Day CHG~0.00%
Published-09 Jul, 2019 | 17:00
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.

Action-Not Available
Vendor-ddrtn/a
Product-dashcom_live_firmwaredashcom_liven/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-11019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.01%
||
7 Day CHG~0.00%
Published-09 Jul, 2019 | 15:43
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.

Action-Not Available
Vendor-ddrtn/a
Product-dashcom_live_firmwaredashcom_liven/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21931
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-81.08% / 99.12%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-21837
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.57%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-21041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.39%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 16:44
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-45276
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.09%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 10:28
Updated-24 Jan, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line/Helmholz: tmp directory exposed via webservice

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

Action-Not Available
Vendor-mbconnectlinehelmholzMB connect lineHelmholzmb_connect_linehelmholz
Product-mbnet.mini_firmwarembnet.minirex_100_firmwarerex_100REX100mbNET.minimbnet.minirex_100_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-42178
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-2.5||LOW
EPSS-0.09% / 27.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 21:24
Updated-16 May, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL MyXalytics is affected by a failure to restrict URL access vulnerability

HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsHCL MyXalytics
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-35572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.62%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 21:17
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-e5350e5350_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50589
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.89%
||
7 Day CHG+0.03%
Published-08 Nov, 2024 | 11:34
Updated-08 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unprotected FHIR API

An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR).

Action-Not Available
Vendor-HASOMEDhasomed
Product-Elefantelefant
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.47%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.

Action-Not Available
Vendor-n/astarvedia
Product-n/aezset_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.47%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process

Action-Not Available
Vendor-n/ashelly
Product-n/ahome_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-15 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process

Action-Not Available
Vendor-n/aalmando
Product-n/aalmando_play_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-9315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-86.83% / 99.39%
||
7 Day CHG~0.00%
Published-10 May, 2020 | 22:23
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Action-Not Available
Vendor-n/aOracle Corporation
Product-iplanet_web_servern/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-9325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 13:13
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.

Action-Not Available
Vendor-aquaforestn/a
Product-tiff_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-7953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 16:26
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.

Action-Not Available
Vendor-opservicesn/a
Product-opmonn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5373
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.62%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 19:30
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.

Action-Not Available
Vendor-Dell Inc.
Product-emc_omimssc_for_sccmemc_omimssc_for_scvmmOMIMSSC (OpenManage Integration for Microsoft System Center)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-35755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.02%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 20:46
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.

Action-Not Available
Vendor-librewirelessn/a
Product-ls9_firmwarels9n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found