
855 matches found

Prion
added 2024/03/12 9:15 a.m. · 31 views

Remote code execution

An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function...

CVSS 7.5 · AI score 9.9 · EPSS 0.01404
Exploits 0 · References 1
CVE
added 2024/03/12 8:10 a.m. · 85 views

CVE-2024-25995

CVE-2024-25995 involves PHOENIX CONTACT CHARX SEC-3000 (CHARX Series) AC charge controllers. The root cause is an input-validation/authentication flaw in critical functions, allowing an unauthenticated attacker to modify configurations and trigger remote code execution. Affected product versions ...

CVSS 9.8 · AI score 9.9 · EPSS 0.01404
Exploits 0 · References 2 · Affected Software 1
0day.today
added 2024/03/04 12:0 a.m. · 219 views

TPC-110W - Missing Authentication for Critical Function Exploit

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

AI score 7.4
Exploits 0
Exploit DB
added 2024/03/03 12:0 a.m. · 315 views

TPC-110W - Missing Authentication for Critical Function

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

AI score 7.4
Exploits 0
Prion
added 2024/02/18 7:15 a.m. · 20 views

Authentication flaw

Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality...

AI score 7.7 · EPSS 0.00242
Exploits 0 · References 2
BDU FSTEC
added 2024/02/06 12:0 a.m. · 4 views

The vulnerability of the Photos component in the macOS operating system, related to the lack of authentication for the critical function, allows a hacker to access the “Photos Album” without authentication.

The vulnerability of the macOS operating system is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to access the “Photos Album” album without being authenticated...

CVSS 7.8 · AI score 7.2 · EPSS 0.0058
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/02/02 12:0 a.m. · 3 views

The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems is related to the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow an attacker ...

CVSS 7.7 · AI score 6.6 · EPSS 0.00582
Exploits 0 · References 6
Vulnrichment
added 2024/02/01 10:28 p.m. · 13 views

CVE-2023-49115 MachineSense FeverWarn Missing Authentication for Critical Function

MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...

CVSS 7.5 · AI score 7.2 · EPSS 0.00592
Exploits 0 · References 2
OSV
added 2024/02/01 10:15 a.m. · 3 views

CVE-2024-22449

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access...

CVSS 7.8 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 1
GitLab Advisory Database
added 2024/01/31 12:0 a.m. · 30 views

Missing Authentication for Critical Function

In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

CVSS 6.5 · AI score 7.1 · EPSS 0.01636
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2024/01/30 9:6 a.m. · 5 views

CVE-2023-6942

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106...

CVSS 7.5 · AI score 7.7 · EPSS 0.00949
Exploits 0 · References 3
ICS
added 2024/01/30 7:0 a.m. · 62 views

Mitsubishi Electric FA Engineering Software Products (Update D)

1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: EZSocket, FR Configurator2, GT Designer3 Version1GOT1000, GT Designer3 Version1GOT2000, GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...

CVSS 9.8 · AI score 9.2 · EPSS 0.01844
Exploits 0 · References 10
Positive Technologies
added 2024/01/25 12:0 a.m. · 4 views

PT-2024-1427 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7 Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...

CVSS 7.5 · AI score 7.5 · EPSS 0.00882
Exploits 0 · References 26
Positive Technologies
added 2024/01/25 12:0 a.m. · 3 views

PT-2024-1435 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense devices affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn RaspberryPi affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The issue is...

CVSS 7.8 · AI score 7.3 · EPSS 0.00592
Exploits 0 · References 14
Positive Technologies
added 2024/01/25 12:0 a.m. · 5 views

PT-2024-1432 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense devices affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn RaspberryPi affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The issue is...

CVSS 9.8 · AI score 7.9 · EPSS 0.00652
Exploits 0 · References 12
Zero Day Initiative
added 2023/12/20 12:0 a.m. · 22 views

D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00696
Exploits 0 · References 1
BDU FSTEC
added 2023/12/15 12:0 a.m. · 5 views

The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.

The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.02863
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2023/12/11 12:0 a.m. · 4 views

The vulnerability of the microprogrammed logic controllers Sauter Nova 220, 230, and 106 lies in the absence of authentication for a critical function. This allows attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability of the microprogrammed logic controllers Sauter Nova 220, 230, and 106 lies in the absence of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary commands...

CVSS 10 · AI score 8.3 · EPSS 0.0071
Exploits 0 · References 5 · Affected Software 5
Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-9595 · Mysql Server · Mysql Connectors

Name of the Vulnerable Software and Affected Versions: MySQL Connectors versions 9.0.0 and prior Description: The issue is related to a lack of authentication for a critical function in the Connector/Python component of MySQL Connectors, allowing a low-privileged attacker with network access via...

CVSS 7.7 · AI score 9 · EPSS 0.00517
Exploits 0 · References 19
BDU FSTEC
added 2023/11/17 12:0 a.m. · 4 views

The vulnerability of the PC Settings Tool, a software tool for configuring computers, lies in the lack of authentication for a critical function, which allows attackers to escalate their privileges.

The vulnerability of the PC Settings Tool software relates to the lack of authentication for a critical function. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 · AI score 7.3 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1