Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2018-15498 HIGH

YSoft SafeQ Server 6 - Info Disclosure

CVE-2018-19023 HIGH

Hetronic Nova-M <r161 - Command Injection

CVE-2018-7356 MEDIUM

ZTE ZXR10 8905E Firmware < 3.03.10.b23p2 - TCP Connection Spoofing via ISN Reuse

CVE-2018-17903 CRITICAL

SAGA1-L8B Firmware < a0.10 - Authentication Bypass via Replay Attack

CVE-2018-17935 HIGH

Telecrane F25 Series Radio Controls <00.0A - Command Injection

CVE-2018-13789 HIGH

Descor Infocad FM <3.1.0.0 - Info Disclosure

CVE-2018-17176 HIGH

Neato Botvac Connected 2.2.0 - Replay

CVE-2018-16242 MEDIUM

o.bike Smart Locker Firmware - Authentication Bypass via BLE Ciphertext Replay

CVE-2018-7790 CRITICAL

Schneider Electric's Modicon M221 - Info Disclosure

CVE-2018-14781 MEDIUM

Medtronic MiniMed MMT - Capture-Replay

CVE-2018-1128 HIGH

Ceph <master,mimic,luminous,jewel - Auth Bypass

CVE-2017-5251 HIGH

Insteon Hub <1012 - Info Disclosure

CVE-2017-3191 CRITICAL

D-Link DIR-130 and DIR-330 Firmware - Unauthenticated Authentication Bypass via Login Page POST Request

CVE-2017-11786 HIGH

Microsoft Lync/Skype for Business - Privilege Escalation

CVE-2017-6034 CRITICAL

Schneider Electric Modicon Modbus Protocol - Authentication Bypass by Capture-Replay via Cleartext Command Transmission

CVE-2017-6823 HIGH

Fiyo CMS 2.0.6.1 - Privilege Escalation

CVE-2013-1351 MEDIUM

Verax NMS <2.10 - Auth Bypass

CVE-2011-20002 HIGH

SIMATIC S7-1200 CPU - Capture-Replay

Microsoft Windows 2000/Exchange Server 5.5 - Auth Bypass

Previous Page 9 of 9

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy