Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

210 vulnerabilities with CWE-294

CVE-2020-6972 CRITICAL

Honeywell Fire Web Server <3.50 - Auth Bypass

CVE-2020-10185 HIGH

YubiKey Validation Server <2.40 - Replay Attack

CVE-2019-11856 LOW

ALEOS <4.13.0, <4.9.5, <4.4.9 - Replay Attack

CVE-2019-20626 MEDIUM

Honda HR-V 2017 - Info Disclosure

CVE-2019-13533 HIGH

Omron PLC - Info Disclosure

CVE-2019-12393 HIGH

Anviz Access Control Devices - Info Disclosure

CVE-2019-18226 CRITICAL

Honeywell equIP - Replay Attack

CVE-2019-12887 HIGH

KeyIdentity LinOTP <2.10.5.3 - Info Disclosure

CVE-2019-11334 LOW

Tzumi Electronics Klic Lock 1.0.9 - Auth Bypass

CVE-2019-9158 MEDIUM

Gemalto DS3 Authentication Server <2.6.1-SP01 - Privilege Escalation

CVE-2019-5307 MEDIUM

Huawei 4G LTE <P30 ELE-AL00 9.1.0.162/C01E160R2P1 - Message Replay

CVE-2019-3915 HIGH

Verizon Fios Quantum Gateway G1100 Firmware - Authentication Bypass

CVE-2019-9659 CRITICAL

Chuango 433 MHz burglar-alarm - Info Disclosure

CVE-2018-9477 HIGH

Google Android - Missing Authorization

CVE-2018-19025 CRITICAL

JUUKO K-808 - Command Injection

CVE-2018-17932 CRITICAL

JUUKO K-800 - Command Injection

CVE-2018-15498 HIGH

YSoft SafeQ Server 6 - Info Disclosure

CVE-2018-19023 HIGH

Hetronic Nova-M <r161 - Command Injection

CVE-2018-7356 MEDIUM

ZTE ZXR10 8905E - DoS

CVE-2018-17903 CRITICAL

SAGA1-L8B - Command Injection

CVE-2018-17935 HIGH

Telecrane F25 Series Radio Controls <00.0A - Command Injection

CVE-2018-13789 HIGH

Descor Infocad FM <3.1.0.0 - Info Disclosure

CVE-2018-17176 HIGH

Neato Botvac Connected 2.2.0 - Replay

CVE-2018-16242 MEDIUM

oBike - Auth Bypass

CVE-2018-7790 CRITICAL

Schneider Electric's Modicon M221 - Info Disclosure

Previous Page 8 of 9 Next

Details

Vulnerabilities 210

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy