CVE-2024-47555 Missing Authentication - User & System Configuration

Missing Authentication - User & System Configuration...

CVE-2024-47555

CVE-2024-47555 affects Xerox FreeFlow Core with a missing authentication vulnerability. According to the CVSS 3.1 vector, the issue is exploitable from an adjacent network, has high impact on confidentiality, integrity, and availability, and requires no user interaction. The root cause is a broke...

CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

TEM Opera Plus FM Family Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : TEM Equipment : Opera Plus FM Family Transmitter Vulnerabilities : Missing Authentication for Critical Function, Cross-Site Request Forgery CSRF 2. RISK...

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

CVE-2024-35294 Schneider Elektronik Series 700 prone to missing authentication for traffic capture function

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials...

CVE-2024-35294 Schneider Elektronik Series 700 prone to missing authentication for traffic capture function

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials...

CVE-2024-35293 Schneider Elektronik Series 700 prone to missing authentication for critical reset function

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

CVE-2024-35293

CVE-2024-35293 affects Schneider Electric Series 700 devices. The vulnerability is an unauthenticated missing-authentication-for-critical-function issue that can allow a remote attacker to reboot or erase the device, leading to data loss and potential DoS. Public documents consistently describe t...

PT-2024-26419 · Schneider Elektronik · Series 700

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices, resulti...

CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...

CVE-2024-8456 PLANET Technology switch devices - Missing Authentication for multiple HTTP routes

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...

CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

CVE-2024-8310 OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function

OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges...

Advantech ADAM 5630

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5630 Vulnerabilities : Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a...

CVE-2023-52947

Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logo...

CVE-2023-52949

CVE-2023-52949 affects Synology Active Backup for Business Agent prior to 2.7.0-3221. The issue is a missing authentication for a critical function in the proxy settings, allowing local users to obtain credentials via unspecified vectors. CVSSv3.1 base metrics indicate a Local attack with Low com...

Synology Active Backup for Business Agent 访问控制错误漏洞

Synology Active Backup for Business Agent is a backup program from China-based Synology Inc. An access control error vulnerability exists in Synology Active Backup for Business Agent versions prior to 2.6.3-3101, which stems from a lack of critical functionality authentication vulnerability that...