2931 matches found
CVE-2025-26339
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP...
CVE-2025-26365
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...
CVE-2025-26364
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...
CVE-2025-26364
CVE-2025-26364 affects Q-Free MaxTime (MaxTime suite) via the vulnerable path in maxprofile/setup/routes.lua . The vulnerability is a CWE-306: Missing Authentication for Critical Function , allowing an unauthenticated remote attacker to disable the authentication profile server by sending crafted...
CVE-2025-26363
CVE-2025-26363 affects Q-Free MaxTime (MaxTime ≤ 2.11.0). The vulnerability resides in maxprofile/setup/routes.lua, where a CWE-306 Missing Authentication for Critical Function leads to an unauthenticated remote attacker being able to enable the authentication profile server via crafted HTTP requ...
CVE-2025-26362
CVE-2025-26362 describes a CWE-306 issue in Q-Free MaxTime: the vulnerability exists in the maxprofile/setup/routes.lua function, affecting MaxTime versions 2.11.0 and earlier. An unauthenticated remote attacker can craft HTTP requests to set an arbitrary authentication profile on the server. Thi...
CVE-2025-26361
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...
CVE-2025-26359
The CVE-2025-26359 issue affects Q-Free MaxTime (MaxTime) up to version 2.11.0, specifically in maxprofile/accounts/routes.lua, where a Missing Authentication for Critical Function (CWE-306) allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. Evidence from mult...
CVE-2025-26347
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...
CVE-2025-26347
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...
CVE-2025-26344
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests...
CVE-2025-26344
CVE-2025-26344 describes a CWE-306 vulnerability in Q-Free MaxTime
CVE-2025-26342
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...
CVE-2025-26342
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to create arbitrary users, including administrators, via crafted HTTP requests...
CVE-2025-26342
CVE-2025-26342 affects Q-Free MaxTime (MaxTime
CVE-2025-26341
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests...
CVE-2025-26341
CVE-2025-26341 affects Q-Free MaxTime
CVE-2025-26339
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP...
CVE-2025-26339
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP...
Q-Free MAXTIME Suite 访问控制错误漏洞
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...