2964 matches found
CVE-2023-23906
Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product...
CVE-2023-23906
Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product...
CVE-2023-22441
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versio...
PT-2023-18499 · Seiko Solutions · Seiko Solutions Skybridge Mb-A200 +1
Name of the Vulnerable Software and Affected Versions: Seiko Solutions SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier Seiko Solutions SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier Description: A missing authentication issue for a critical function exists in the Seiko Solutions...
CVE-2023-22441
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versio...
CVE-2023-22441
CVE-2023-22441 affects Seiko Solutions SkyBridge MB‑A200 (firmware 01.00.05 and earlier) and SkyBridge BASIC MB‑A130 (firmware 1.4.1 and earlier). The root cause is missing authentication for critical function (CWE-306), enabling a remote attacker to obtain or alter product settings or perform cr...
Siemens SICAM P850 and SICAM P855 Missing Authentication For Critical Function (CVE-2022-29881)
A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P855 All versions V3.00. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal...
Siemens SICAM P850 and SICAM P855 Missing Authentication For Critical Function (CVE-2022-29879)
A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P855 All versions V3.00. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical devic...
Siemens SICAM P850 and SICAM P855 Missing Authentication For Critical Function (CVE-2022-29877)
A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P855 All versions V3.00. Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings...
CVE-2023-22813
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...
WordPress plugin AI ChatBot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Authentication flaw
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An...
CVE-2023-20126 Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An...
PT-2023-8263 · Nvidia · Nvidia Dgx H100 Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX A100 BMC affected versions not specified Description: The issue is related to a missing authentication problem for a critical function in the NVIDIA DGX A100 BMC, which can be exploited by an adjacent network. A successful exploit...
CVE-2023-2231
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1TBRO20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Authentication flaw
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1TBRO20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2023-2231 MAXTECH MAX-G866ac Remote Management missing authentication
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1TBRO20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Omron CS/CJ Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...