CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
197 results
CVE-2019-9659 9.1 CRITICAL 1 Writeup EPSS 0.00
Chuango 433 MHz burglar-alarm - Info Disclosure
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
CWE-294 Mar 11, 2019
CVE-2018-19023 8.8 HIGH EPSS 0.00
Hetronic Nova-M <r161 - Command Injection
Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
CWE-287 Jan 25, 2019
CVE-2018-7356 5.6 MEDIUM EPSS 0.00
ZTE ZXR10 8905E - DoS
All versions up to V3.03.10.B23P2 of the ZTE ZXR10 8905E product are impacted by a TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISNs and allows remote attackers to spoof connections.
CWE-294 Nov 01, 2018
CVE-2018-17903 9.1 CRITICAL EPSS 0.00
SAGA1-L8B - Command Injection
SAGA1-L8B devices with any firmware version prior to A0.10 are vulnerable to a replay attack and command forgery.
CWE-294 Oct 24, 2018
CVE-2018-17935 8.1 HIGH EPSS 0.00
Telecrane F25 Series Radio Controls <00.0A - Command Injection
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
CWE-294 Oct 24, 2018
CVE-2018-13789 7.5 HIGH EPSS 0.00
Descor Infocad FM <3.1.0.0 - Info Disclosure
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.
CWE-522 Oct 10, 2018
CVE-2018-17176 7.5 HIGH EPSS 0.00
Neato Botvac Connected 2.2.0 - Replay
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
CWE-294 Sep 18, 2018
CVE-2018-16242 5.3 MEDIUM EPSS 0.00
oBike - Auth Bypass
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
CWE-294 Sep 14, 2018
CVE-2018-7790 9.8 CRITICAL EPSS 0.01
Schneider Electric's Modicon M221 - Info Disclosure
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
CWE-294 Aug 29, 2018
CVE-2018-14781 5.3 MEDIUM EPSS 0.00
Medtronic MiniMed MMT - Capture-Replay
Medtronic MiniMed MMT devices, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
CWE-287 Aug 13, 2018
CVE-2018-1128 7.5 HIGH 1 Writeup EPSS 0.01
Ceph <master,mimic,luminous,jewel - Auth Bypass
It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker having access to the ceph cluster network who is able to sniff packets on the network can use this vulnerability to authenticate with the ceph service and perform actions allowed by the ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CWE-287 Jul 10, 2018
CVE-2017-5251 8.1 HIGH EPSS 0.00
Insteon Hub <1012 - Info Disclosure
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.
CWE-294 Feb 22, 2018
CVE-2017-3191 9.8 CRITICAL EPSS 0.34
D-link Dir-130 Firmware - Authentication Bypass
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CWE-20 Dec 16, 2017
CVE-2017-11786 8.8 HIGH EPSS 0.11
Microsoft Lync/Skype for Business - Privilege Escalation
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
CWE-294 Oct 13, 2017
CVE-2017-6034 9.8 CRITICAL EPSS 0.00
Schneider-electric Modbus Firmware - Authentication Bypass
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
CWE-287 Jun 30, 2017
CVE-2017-6823 8.8 HIGH 1 PoC Analysis EPSS 0.07
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CWE-294 Mar 12, 2017
CVE-2002-0054 EPSS 0.13
Microsoft Windows 2000/Exchange Server 5.5 - Auth Bypass
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
CWE-294 Mar 08, 2002