196 matches found
CVE-2025-0020
Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS Authentication allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation. The ArcGIS clientcredentials OAuth 2.0 API implementation...
CVE-2025-0020
Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected this CVE as it is not a vulnerability”...
CVE-2025-0020
CVE-2025-0020 is marked as rejected in the initial entry, but connected documents describe a vulnerability in ArcGIS’s client_credentials OAuth 2.0 API implementation: it allows undocumented, custom token expiration, enabling privilege abuse and manipulation of hidden fields/configuration. Affect...
CVE-2025-0020
...
TeleMessage TM SGNL Hidden Functionality Vulnerability
TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...
CVE-2025-0675 Elber Communications Equipment Hidden Functionality
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...
CVE-2025-0675
CVE-2025-0675 affects Elber products (Elber Communications Equipment). The public records describe an authentication bypass that enables unauthorized access to password management, effectively allowing attackers to overwrite any user password and gain access to protected areas of affected devices...
CVE-2025-0675 Elber Communications Equipment Hidden Functionality
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...
Wavlink AC3000 wctrls static login vulnerability
Talos Vulnerability Report TALOS-2024-2034 Wavlink AC3000 wctrls static login vulnerability January 14, 2025 CVE Number CVE-2024-39754 SUMMARY A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead ...
Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
Overview Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2024-41929 OS command injection CWE-78 - CVE-2024-43778 Hidden functionality CWE-912 - CVE-2024-47001 Yoshiki Mori, Ushimaru...
CVE-2024-47001
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2024-47001
The CVE-2024-47001 entry concerns a Hidden functionality issue in TAKENAKA ENGINEERING CO., LTD. digital video recorders. Connected sources confirm the vulnerability affects multiple TAKENAKA models (e.g., HDVR-400, HDVR-800, HDVR-1600, AHD04T-A/AHD08T-A/AHD16T-A, NVR04T-A/NVR08T-A, NVR16T-A, wit...
CVE-2024-47001
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
TAKENAKA ENGINEERING多款产品 安全漏洞
TAKENAKA ENGINEERING HDVR-400 and others are a digital video recorder from TAKENAKA ENGINEERING. A security vulnerability exists in various TAKENAKA ENGINEERING products, which stems from a hidden functionality issue that could allow a remote, authenticated attacker to execute arbitrary operating...
CVE-2024-45696
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...
CVE-2024-45697 D-Link WiFi router - Hidden Functionality
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...
CVE-2024-45696 D-Link WiFi router - Hidden Functionality
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...
CVE-2024-45696 D-Link WiFi router - Hidden Functionality
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...
Siemens SIMATIC RFID Readers Hidden Function Vulnerability
SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods.SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management.SIMATIC RF360R read...
Siemens SIMATIC RFID Readers
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...