Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27422

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-03 Mar, 2025 | 16:25
Updated At-03 Mar, 2025 | 18:53
Rejected At-
Credits

FACTION Allows Authentication Bypass via User Creation

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:03 Mar, 2025 | 16:25
Updated At:03 Mar, 2025 | 18:53
Rejected At:
â–¼CVE Numbering Authority (CNA)
FACTION Allows Authentication Bypass via User Creation

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

Affected Products
Vendor
factionsecurity
Product
faction
Versions
Affected
  • < 1.4.3
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc
x_refsource_CONFIRM
https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6
x_refsource_MISC
Hyperlink: https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:03 Mar, 2025 | 17:15
Updated At:03 Mar, 2025 | 17:15

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-287Primarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6security-advisories@github.com
N/A
https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jcsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

168Records found
CVE-2019-18661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-02 Nov, 2019 | 01:17
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.

Action-Not Available
Vendor-fastwebn/a
Product-fastgate_firmwarefastgaten/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-27351
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.2||HIGH
EPSS-47.21% / 97.61%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

Action-Not Available
Vendor-PaperCut Software Pty Ltd
Product-papercut_mfpapercut_ngNG
CWE ID-CWE-287
Improper Authentication
CVE-2023-25913
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 20:30
Updated-09 Jan, 2025 | 07:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in Danfoss AK-SM800A

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

Action-Not Available
Vendor-danfossDanfoss
Product-ak-sm_800a_firmwareak-sm_800aAK-SM800A
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2023-39415
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.22%
||
7 Day CHG~0.00%
Published-18 Aug, 2023 | 09:26
Updated-08 Oct, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation.

Action-Not Available
Vendor-northgridNorth Grid Corporationnorthgrid
Product-proselfProself Gateway EditionProself Mail Sanitize EditionProself Enterprise/Standard Editionproself_mail_sanitize_editionproself_gateway_editionproself_enterprise_standard_edition
CWE ID-CWE-287
Improper Authentication
CVE-2023-21841
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.72%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-15046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.98% / 89.48%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:51
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-36524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.88%
||
7 Day CHG~0.00%
Published-15 Aug, 2022 | 16:33
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-go-rt-ac750go-rt-ac750_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-4494
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsspectrum_protect_clientspectrum_protect_for_space_managementaixSpectrum Protect for Space Management (Linux)Spectrum Protect Client (AIX)Spectrum Protect for Space Management (AIX)Spectrum Protect Client (Linux and Windows)
CWE ID-CWE-287
Improper Authentication
CVE-2018-21235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.95%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:41
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-e-mail_advertising_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-27408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 78.47%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 15:27
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.

Action-Not Available
Vendor-os4edn/a
Product-opensisn/a
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-27199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.50% / 90.91%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 04:07
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

Action-Not Available
Vendor-magic_home_pro_projectn/a
Product-magic_home_pron/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-41638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.11%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 11:44
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.

Action-Not Available
Vendor-melagn/a
Product-ftp_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-38688
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.08%
||
7 Day CHG~0.00%
Published-29 Dec, 2021 | 13:05
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in Qfile

An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qfileQfile
CWE ID-CWE-287
Improper Authentication
CVE-2021-37414
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 84.21%
||
7 Day CHG~0.00%
Published-10 Sep, 2021 | 14:27
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-34676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 75.23%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:40
Updated-04 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.

Action-Not Available
Vendor-basixonlinen/a
Product-nex-formsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-11765
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.15% / 78.16%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 17:02
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-hadoopApache Hadoop
CWE ID-CWE-287
Improper Authentication
CVE-2021-30312
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.42%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7250sa6150p_firmwaresm6250p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca6431_firmwarewcd9360_firmwareqcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335qcn5064csra6620_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998wcn3950qcn6024_firmwaresd720gsm4125ipq8076awcn3660bsd460_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwareqca6420apq8053_firmwarewcd9360qca6438_firmwareipq8070_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwareqcs6125sa8155_firmwareipq6010sd662_firmwareipq8068qcs405qca6430sd765gfsm10056_firmwareqca6436wcn6851sa6155pqca6330qca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6431qca6696_firmwaresd870_firmwaresd750gqcn5154_firmwarewcn3910_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwarewcn3988qca6438sd660_firmwaresa8195p_firmwareqcn5022_firmwarewcn6750_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca6574csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5024sd690_5g_firmwareipq4019_firmwaresdx50m_firmwareqca8072_firmwareqca9985qcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareipq6018_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910qca6320qca6426_firmwarewcn3660b_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwaresd730qcn5550_firmwaresdx55mipq8064_firmwareqca6421_firmwarewcn6740_firmwaremsm8953qcn5064_firmwaresd678_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareipq8070qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd870wcn6855qcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwarear8031qca6595_firmwareqcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareapq8053qcn5021_firmwarecsra6640sa8155psd675ar8035_firmwareqcm2290qsm8250_firmwareqcn5024_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830sd678qcn9070sa8145p_firmwareqcs2290_firmwarefsm10056sm7250_firmwarecsra6620fsm10055_firmwareqcn9072qca9880_firmwareqca9992qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwareipq8074asd662qcn5124_firmwareqca6330_firmwaresa8155qca6320_firmwarewcn3680b_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwareqca6595auwcn3999_firmwarewcn3610_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310ipq8174sa515m_firmwareqca9990qcs6490sdxr2_5gqcn5052sa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwareqca6421sd778g_firmwaresm6250sa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sm6250_firmwarecsr8811ipq4019msm8953_firmwareqcn9100_firmwaresda429wwcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwareqcm6490wcn6850_firmwarewsa8835_firmwarewcn3620qcx315qca6564aqcm6125_firmwareqca8072qcm2290_firmwarewcn3990qcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwareqcn9012sd888qcn6122_firmwareipq8065_firmwareqcx315_firmwarewsa8835sd665_firmwaresd888_5gsm6250pqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889qca6174aqca9888qca6310_firmwaresm7325ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwareqca9886sd855sm4125_firmwaresd665ipq8076sd765qca6574a_firmwareqcn5021qcn5152sd768g_firmwaresd460qca6391aqt1000_firmwareqcn9100qcm4290qcm6490_firmwaresdx50mqcn9070_firmwareipq6028_firmwareipq8072a_firmwareipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122wcd9341_firmwareqcm6125wsa8810mdm9150wcn6856qcn5022wcn3680bsd768gipq6010_firmwarewcn6740qca6696sa6150pqca8075qcn9022_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwaresd720g_firmwaresdx12ipq8071_firmwareqcs410_firmwareqcn9074_firmwareipq4029sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CVE-2018-15819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.31%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 18:07
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.

Action-Not Available
Vendor-easyion/a
Product-easyio_30p_firmwareeasyio_30pn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found