Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,430 vulnerabilities with CWE-306

CVE-2023-53771 CRITICAL

MiniDVBLinux 5.4 - Unauthenticated Root Password Change via System Setup Endpoint

CVE-2023-7328 MEDIUM

Screen SFT DAB 600/C Firmware <= 1.9.3 - Unauthenticated Information Disclosure via User Management API

CVE-2023-7329 HIGH

Tinycontrol LAN Controller <1.58a - DoS

CVE-2023-7325 CRITICAL

Anheng Mingyu Operation and Maintenance Audit and Risk Control Syst...

CVE-2023-6215 HIGH

HP Sure Start IFD Protection - BIOS Integrity Bypass Code Execution

CVE-2023-7308 HIGH

NSFOCUS SecGate3600 Firmware - Unauthenticated Sensitive Information Disclosure via authManageSet.cgi Endpoint

CVE-2023-22650 HIGH

Rancher 2.7.0-2.7.13 and 2.8.0-2.8.4 - Improper Authentication via Uncleaned User Tokens

CVE-2023-52949 MEDIUM

Synology Active Backup for Business Agent < 2.7.0-3221 - Unauthenticated User Credential Exposure via Proxy Settings

CVE-2023-52947 MEDIUM

Synology Active Backup for Business Agent < 2.6.3-3101 - Unauthenticated Logout via Local Attack

CVE-2023-41918 CRITICAL

Unconstrained Functionality - Privilege Escalation

CVE-2023-5935 HIGH

Nozomi Networks Arc < 1.6.0 - Sensitive Info Exposure & Code Execution via Local Web Interface

CVE-2023-37325 MEDIUM

D-Link DAP-2622 Firmware - Unauthenticated Configuration Change via DDP Set SSID List

CVE-2023-51587 HIGH

Voltronic Power ViewPower - Info Disclosure

CVE-2023-50199 HIGH

D-Link G416 Firmware < 1.09b01 - Unauthenticated Remote Code Execution via HTTP Service

CVE-2023-44413 HIGH

D-Link D-View 8 - Unauthenticated Denial of Service via shutdown_coreserver Action

CVE-2023-42121 CRITICAL

Control Web Panel - Unauthenticated Remote Code Execution

CVE-2023-41187 HIGH

D-Link DAP-1325 HNAP - Unauthenticated Remote Code Execution

CVE-2023-41186 MEDIUM

D-Link DAP-1325 Firmware < 1.09b03 - Unauthenticated Information Disclosure via CGI Interface

CVE-2023-41183 HIGH

NETGEAR Orbi 760 Firmware < 6.3.8.5 - Unauthenticated Authentication Bypass via SOAP API

CVE-2023-39466 MEDIUM

Triangle MicroWorks SCADA Data Gateway - Unauthenticated Sensitive Information Disclosure via get_config Endpoint

CVE-2023-39457 CRITICAL

Triangle MicroWorks SCADA Data Gateway - Unauthenticated Remote Code Execution

CVE-2023-38123 HIGH

Inductive Automation Ignition < 8.1.26 - Authentication Bypass via OPC UA Quick Client

CVE-2023-27357 MEDIUM

NETGEAR RAX30 Firmware < 1.0.10.94 - Unauthenticated Information Disclosure via SOAP Request Handling

CVE-2023-47166 HIGH

Milesight UR32L v32.3.0.7-r2 - Unauthenticated Arbitrary Firmware Update via luci2-io File-Import

CVE-2023-51478 CRITICAL

Abdul Hakeem Build App Online <1.0.19 - Privilege Escalation

Previous Page 48 of 98 Next

Details

Vulnerabilities 2,430

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy