Lucene search
858 matches found

Cvelist
added 2024/04/02 10:27 a.m. · 13 views

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...

CVSS 5.2 · AI score 5.6 · EPSS 0.00236
Exploits 0 · References 1

CVE
added 2024/04/02 10:27 a.m. · 47 views

CVE-2023-6949

CVE-2023-6949 affects the HTTP service on DJI Mavic Mini 3 Pro. A Missing Authentication for Critical Function vulnerability on port 80 allows an attacker to enumerate and download videos and pictures stored in drone memory without authentication. Connected sources corroborate the issue and ident...

CVSS 5.2 · AI score 6.9 · EPSS 0.00236
Exploits 0 · References 1

Positive Technologies
added 2024/03/29 12:00 a.m. · 36 views

PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro

Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro (affected versions not specified). Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...

CVSS 5.5 · AI score 7.3 · EPSS 0.00236
Exploits 0 · References 14

Prion
added 2024/03/12 9:15 a.m. · 31 views

Remote code execution

An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function...

CVSS 7.5 · AI score 9.9 · EPSS 0.01404
Exploits 0 · References 1

CVE
added 2024/03/12 8:10 a.m. · 85 views

CVE-2024-25995

CVE-2024-25995 involves PHOENIX CONTACT CHARX SEC-3000 (CHARX Series) AC charge controllers. The root cause is an input-validation/authentication flaw in critical functions, allowing an unauthenticated attacker to modify configurations and trigger remote code execution. Affected product versions ...

CVSS 9.8 · AI score 9.9 · EPSS 0.01404
Exploits 0 · References 2 · Affected Software 1

0day.today
added 2024/03/04 12:00 a.m. · 219 views

TPC-110W - Missing Authentication for Critical Function Exploit

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

AI score 7.4
Exploits 0

Exploit DB
added 2024/03/03 12:00 a.m. · 315 views

TPC-110W - Missing Authentication for Critical Function

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

AI score 7.4
Exploits 0

Prion
added 2024/02/18 7:15 a.m. · 20 views

Authentication flaw

Vulnerability of missing authentication for critical functions in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality...

AI score 7.7 · EPSS 0.00242
Exploits 0 · References 2

BDU FSTEC
added 2024/02/06 12:00 a.m. · 4 views

The vulnerability of the Photos component in the macOS operating system, related to the lack of authentication for the critical function, allows a hacker to access the “Photos Album” without authentication.

The vulnerability of the macOS operating system is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to access the “Photos Album” without being authenticated...

CVSS 7.8 · AI score 7.2 · EPSS 0.0058
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/02/02 12:00 a.m. · 3 views

The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of the MachineSense microprogramming software components in FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi systems is related to the absence of authentication procedures for critical functions. Exploiting this vulnerability could allow an attacker ...

CVSS 7.7 · AI score 6.6 · EPSS 0.00582
Exploits 0 · References 6

Vulnrichment
added 2024/02/01 10:28 p.m. · 13 views

CVE-2023-49115 MachineSense FeverWarn Missing Authentication for Critical Function

MachineSense devices use unauthenticated MQTT messaging for device monitoring and remote viewing of sensor data by users...

CVSS 7.5 · AI score 7.2 · EPSS 0.00592
Exploits 0 · References 2

OSV
added 2024/02/01 10:15 a.m. · 3 views

CVE-2024-22449

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access...

CVSS 7.8 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 1

GitLab Advisory Database
added 2024/01/31 12:00 a.m. · 30 views

Missing Authentication for Critical Function

In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

CVSS 6.5 · AI score 7.1 · EPSS 0.01636
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2024/01/30 9:06 a.m. · 5 views

CVE-2023-6942

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106...

CVSS 7.5 · AI score 7.7 · EPSS 0.00949
Exploits 0 · References 3

ICS
added 2024/01/30 7:00 a.m. · 62 views

Mitsubishi Electric FA Engineering Software Products (Update D)

1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Mitsubishi Electric; Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...

CVSS 9.8 · AI score 9.2 · EPSS 0.01844
Exploits 0 · References 10

Positive Technologies
added 2024/01/25 12:00 a.m. · 5 views

PT-2024-1432 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense devices (affected versions not specified); FeverWarn ESP32 (affected versions not specified); FeverWarn RaspberryPi (affected versions not specified); FeverWarn DataHub RaspberryPi (affected versions not specified). Description: The issue is...

CVSS 9.8 · AI score 7.9 · EPSS 0.00652
Exploits 0 · References 12

Positive Technologies
added 2024/01/25 12:00 a.m. · 4 views

PT-2024-1427 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9; Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7; Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...

CVSS 7.5 · AI score 7.5 · EPSS 0.00882
Exploits 0 · References 26

Positive Technologies
added 2024/01/25 12:00 a.m. · 3 views

PT-2024-1435 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense devices (affected versions not specified); FeverWarn ESP32 (affected versions not specified); FeverWarn RaspberryPi (affected versions not specified); FeverWarn DataHub RaspberryPi (affected versions not specified). Description: The issue is...

CVSS 7.8 · AI score 7.3 · EPSS 0.00592
Exploits 0 · References 14

Zero Day Initiative
added 2023/12/20 12:00 a.m. · 22 views

D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00696
Exploits 0 · References 1

BDU FSTEC
added 2023/12/15 12:00 a.m. · 5 views

The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.

The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.02863
Exploits 1 · References 3 · Affected Software 1