Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2017-7909 9.8 CRITICAL EPSS 0.02

Advantech B+B Smartworx Mesr901 Firmware - Authentication Bypass

A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.

CWE-603 May 06, 2017

CVE-2017-6624 5.3 MEDIUM EPSS 0.00

Cisco Ios - Authentication Bypass

A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.

CWE-287 May 03, 2017

CVE-2017-8403 8.8 HIGH EPSS 0.00

360fly 4K Camera Firmware - Authentication Bypass

360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.

CWE-287 May 01, 2017

CVE-2017-2101 7.3 HIGH EPSS 0.00

AppGoat <V3.0.0 - Auth Bypass

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.

CWE-287 Apr 28, 2017

CVE-2017-8223 7.5 HIGH EXPLOITED 1 PoC Analysis EPSS 0.18

Wificam Wireless IP Camera (p2p) Firmware - Authentication Bypass

On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.

CWE-287 Apr 25, 2017

CVE-2017-2332 8.8 HIGH EPSS 0.01

Juniper Networks NorthStar Controller <2.1.0 - Privilege Escalation

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

CWE-287 Apr 24, 2017

CVE-2017-2329 6.2 MEDIUM EPSS 0.00

Juniper Northstar Controller < 2.1.0 - Authentication Bypass

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.

CWE-287 Apr 24, 2017

CVE-2017-2319 8.3 HIGH EPSS 0.01

Juniper Networks NorthStar Controller App <2.1.0-SP1 - Info Disclosure

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result.

CWE-287 Apr 24, 2017

CVE-2017-8078 5.3 MEDIUM EPSS 0.00

Tp-link Tl-sg108e Firmware - Authentication Bypass

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CWE-287 Apr 23, 2017

CVE-2017-6617 5.4 MEDIUM EPSS 0.00

Cisco Integrated Management Controlle... - Authentication Bypass

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.

CWE-287 Apr 20, 2017

CVE-2016-1219 9.8 CRITICAL EPSS 0.04

Cybozu Garoon <4.2.2 - Auth Bypass

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

CWE-287 Apr 20, 2017

CVE-2016-5410 5.5 MEDIUM EPSS 0.00

Firewalld < 0.4.3.2 - Authentication Bypass

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.

CWE-287 Apr 19, 2017

CVE-2017-7284 8.8 HIGH EPSS 0.04

Unitrends Enterprise Backup <9.1.2 - Privilege Escalation

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.

CWE-287 Apr 12, 2017

CVE-2017-7588 9.8 CRITICAL 1 PoC Analysis EPSS 0.17

Brother Devices - Auth Bypass

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

CWE-287 Apr 12, 2017

CVE-2016-1908 9.8 CRITICAL EPSS 0.03

OpenSSH <7.2 - Privilege Escalation

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

CWE-287 Apr 11, 2017

CVE-2016-5068 9.8 CRITICAL EPSS 0.00

Sierrawireless Aleos Firmware - Authentication Bypass

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests.

CWE-287 Apr 10, 2017

CVE-2015-2880 8.8 HIGH EPSS 0.01

TRENDnet WiFi Baby Cam TV-IP743SIC - Info Disclosure

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-287 Apr 10, 2017

CVE-2007-6760 9.8 CRITICAL EPSS 0.01

Dataprobe iBootBar <2007-09-20 - Auth Bypass

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-287 Apr 07, 2017

CVE-2007-6759 9.8 CRITICAL EPSS 0.01

Dataprobe iBootBar - Auth Bypass

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-287 Apr 07, 2017

CVE-2017-7450 9.8 CRITICAL EPSS 0.00

AIRTAME HDMI dongle <2.2.0 - Info Disclosure

AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.

CWE-287 Apr 05, 2017

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps