CWE-306

Exploit likelihood: High

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306
CVE-2023-35830 CRITICAL
STW TCG-4 and TCG-4lite Firmware - Unauthenticated Remote Code Execution via SMS
CVSS 9.8
CVE-2023-34761 MEDIUM
7-Eleven Hello Cup 1.3.1 - Unauthenticated BLE Connection Bypass
CVSS 6.5
CVE-2023-35854 CRITICAL
ManageEngine ADSelfService Plus <= 6113 - Authentication Bypass via Session Token Theft
CVSS 9.8
CVE-2023-31411 CRITICAL
sick_eventcam_app - Unauthenticated Configuration Modification via API
CVSS 9.8
CVE-2023-27396 CRITICAL
OMRON SYSMAC CS/CJ/CP/NJ/NX-series - Unauthenticated Command Execution via FINS Protocol
CVSS 9.8
CVE-2023-31196 HIGH
Wi-Fi AP UNIT <1.05_B04 - Info Disclosure
CVSS 7.5
CVE-2023-30762 CRITICAL
KB-AHR and KB-IRIP Series - Improper Authentication
CVSS 9.8
CVE-2023-2827 HIGH
SAP Digital Manufacturing JWT Signature Validation Bypass
CVSS 7.9
CVE-2023-34335 HIGH
AMI MegaRAC SPX 12.0-12.7 - Unauthenticated SPI Flash Write via IPMI Handler
CVSS 7.7
CVE-2023-33553 CRITICAL
Planet Technologies WDRT-1800AX v1.01-CP21 - Privilege Escalation
CVSS 9.8
CVE-2023-2187 MEDIUM
Triangle MicroWorks' SCADA Data Gateway <= v5.01.03 - Info Disclosure
CVSS 5.3
CVE-2023-2781 HIGH
User Email Verification for WooCommerce <= 3.5.0 - Unauthenticated Authentication Bypass via Email Verification Token
CVSS 8.1
CVE-2023-34094 HIGH
ChuanghuChatGPT <20230526 - Info Disclosure
CVSS 7.5
CVE-2023-30604 CRITICAL
Hitron Technologies CODA-5310 - Unauthenticated Access to System Configuration Interface
CVSS 9.8
CVE-2023-25780 MEDIUM
Status PowerBPM - Insufficient Authentication for Critical Function
CVSS 5.7
CVE-2023-33247 HIGH
Talend Data Catalog <8.0-20230413 - Open Redirect
CVSS 7.5
CVE-2023-31227 HIGH
Huawei EMUI - Missing Authentication for Critical Function in hwPartsDFR Module
CVSS 7.5
CVE-2023-0116 HIGH
Huawei EMUI - Missing Authentication for Critical Function in Reminder Module
CVSS 7.5
CVE-2023-31594 HIGH
IC Realtime ICIP-P2012T <2.420 - Info Disclosure
CVSS 7.5
CVE-2023-1837 HIGH
hypr_server < 8.0 - Authentication Bypass via Legacy APIs
CVSS 8.5
CVE-2023-23545 MEDIUM
Tandd Tr-71w Firmware - Missing Authentication
CVSS 5.3
CVE-2023-2704 CRITICAL
BP Social Connect <= 1.5 - Unauthenticated Authentication Bypass via Facebook Login
CVSS 9.8
CVE-2023-32680 MEDIUM
Metabase < 0.44.7 - Unauthenticated SQL Snippet Editing via API or Model Metadata
CVSS 5.8
CVE-2023-20003 MEDIUM
Cisco Business Wireless APs - Auth Bypass
CVSS 4.7
CVE-2023-1096 CRITICAL
SnapCenter 4.7-4.7P2 and 4.8-4.8P1 - Unauthenticated Admin Access
CVSS 9.8