CVE & Exploit Intelligence Database

CVE-2023-31762 7.5 HIGH EPSS 0.00

Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.

CWE-294 May 24, 2023

CVE-2023-31761 7.5 HIGH EPSS 0.00

Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.

CWE-294 May 24, 2023

CVE-2023-31759 7.5 HIGH EPSS 0.00

Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.

CWE-294 May 24, 2023

CVE-2023-33281 6.5 MEDIUM EPSS 0.00

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

CWE-294 May 22, 2023

CVE-2022-47930 6.8 MEDIUM EPSS 0.00

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.

CWE-294 Apr 21, 2023

CVE-2023-20123 6.3 MEDIUM EPSS 0.00

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.

CWE-294 Apr 05, 2023

CVE-2023-1886 7.3 HIGH 1 Writeup EPSS 0.00

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CWE-294 Apr 05, 2023

CVE-2023-1537 9.8 CRITICAL 1 Writeup EPSS 0.00

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

CWE-294 Mar 21, 2023

CVE-2023-23397 9.8 CRITICAL KEV RANSOMWARE 32 PoCs Analysis EPSS 0.94

Microsoft Outlook Elevation of Privilege Vulnerability

CWE-20 Mar 14, 2023

CVE-2022-45789 8.1 HIGH EPSS 0.00

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

CWE-294 Jan 31, 2023

CVE-2022-43704 5.9 MEDIUM 1 PoC Analysis EPSS 0.02

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.

CWE-294 Jan 20, 2023

CVE-2023-0014 9.0 CRITICAL EPSS 0.00

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

CWE-294 Jan 10, 2023

CVE-2023-0036 6.5 MEDIUM EPSS 0.00

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

CWE-287 Jan 09, 2023

CVE-2023-0035 6.5 MEDIUM EPSS 0.00

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

CWE-287 Jan 09, 2023

CVE-2022-38766 8.1 HIGH 3 PoCs Analysis EPSS 0.03

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.

CWE-294 Jan 03, 2023

CVE-2022-2226 6.5 MEDIUM EPSS 0.00

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.

CWE-294 Dec 22, 2022

CVE-2022-25837 7.5 HIGH EPSS 0.00

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

CWE-294 Dec 12, 2022

CVE-2022-25836 7.5 HIGH EPSS 0.00

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.

CWE-294 Dec 12, 2022

CVE-2022-45914 6.5 MEDIUM EPSS 0.00

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.

CWE-294 Nov 27, 2022

CVE-2021-38827 7.5 HIGH 1 Writeup EPSS 0.00

Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.

CWE-294 Nov 14, 2022