CVE-2023-50199

Summary: CVE-2023-50199 affects D-Link G416 routers, due to a flaw in the httpd service listening on TCP port 80 that allows missing authentication to access a critical function, enabling remote code execution by network-adjacent attackers. The entry is supported by multiple sources (ZDI advisory...

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVE-2024-32764 myQNAPcloud Link

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVE-2024-32764

Summary: CVE-2024-32764 affects QNAP’s myQNAPcloud Link. The issue is a missing authentication for a critical function accessible over the network, potentially allowing a user with existing functional privileges to exploit it. Affected product/version: myQNAPcloud Link prior to 2.4.51 (vulnerable...

CVE-2024-3874 Tenda W20E SetRemoteWebManage formSetRemoteWebManage stack-based overflow

A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated...

CVE-2024-30391

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...

CVE-2024-30391 Junos OS: MX Series with SPC3, and SRX Series: When IPsec authentication is configured with "hmac-sha-384" and "hmac-sha-512" no authentication of traffic is performed

A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device...

The vulnerability of the proxy server of the cloud messaging and Apache Pulsar streaming platform allows attackers to expose sensitive information and cause service failures.

The vulnerability of a cloud messaging and Apache Pulsar streaming service’s proxy server lies in the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker to disclose protected information and cause service failures...

CVE-2024-31218 Missing Authentication for Critical Function in Webhood backend

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP reques...

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...

CVE-2023-6949

CVE-2023-6949 affects the HTTP service on DJI Mavic Mini 3 Pro. A Missing Authentication for Critical Function vulnerability on port 80 allows an attacker to enumerate and download videos and pictures stored in drone memory without authentication. Connected sources corroborate the issue and ident...

PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro

Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...

Remote code execution

An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function...

CVE-2024-25995

CVE-2024-25995 involves PHOENIX CONTACT CHARX SEC-3000 (CHARX Series) AC charge controllers. The root cause is an input-validation/authentication flaw in critical functions, allowing an unauthenticated attacker to modify configurations and trigger remote code execution. Affected product versions ...

TPC-110W - Missing Authentication for Critical Function Exploit

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

TPC-110W - Missing Authentication for Critical Function

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

Authentication flaw

Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality...

The vulnerability of the Photos component in the macOS operating system, related to the lack of authentication for the critical function, allows a hacker to access the “Photos Album” without authentication.

The vulnerability of the macOS operating system is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to access the “Photos Album” album without being authenticated...