CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,436 vulnerabilities with CWE-306
CVE-2022-48496 HIGH
Huawei EMUI - Improper Authentication via Lax App Identity Verification
CVSS 7.5
CVE-2022-48494 HIGH
Huawei EMUI - Improper Authentication via Lax App Identity Verification
CVSS 7.5
CVE-2022-36249 MEDIUM
Shop Beat Media Player <3.2.57 - Auth Bypass
CVSS 5.4
CVE-2022-4240 MEDIUM
Honeywell OneWireless < r322.2 - Authentication Bypass via Missing Authentication
CVSS 6.5
CVE-2022-40725 HIGH
PingID Desktop < 1.7.4 - Authentication Bypass via PIN Attempt Limit
CVSS 7.3
CVE-2022-41331 CRITICAL
FortiPresence <1.2.1 - Info Disclosure
CVSS 9.8
CVE-2022-36983 CRITICAL
Ivanti Avalanche 6.3.3.101-6.3.4 - Unauthenticated Authentication Bypass via SetSettings Class
CVSS 9.8
CVE-2022-27645 HIGH
NETGEAR R6700v3 Firmware - Unauthenticated Authentication Bypass via readycloud_control.cgi
CVSS 8.8
CVE-2022-48291 MEDIUM
Huawei EMUI and HarmonyOS - Authentication Bypass in Bluetooth Pairing Process
CVSS 6.5
CVE-2022-45551 CRITICAL
ZBT WE1626 Router 21.06.18 - Privilege Escalation via Network Diagnosis WGET Command
CVSS 9.8
CVE-2022-45140 CRITICAL
WAGO PFC100/PFC200/751-9301/752-8303/TP600 Firmware 16-21 - Unauthenticated RCE via Arbitrary File Write
CVSS 9.8
CVE-2022-45138 CRITICAL
WAGO PFC100/PFC200/751-9301/752-8303/8000-002 & Touch Panel 600 Firmware 16-21 - Unauthenticated Configuration Access
CVSS 9.8
CVE-2022-34908 HIGH
aremis_4_nomads < 1.5.1 - Unauthenticated Data Exposure via Missing Token Validation
CVSS 8.2
CVE-2022-44216 HIGH
Gnuboard <5.5.5 - Privilege Escalation
CVSS 7.5
CVE-2022-47703 HIGH
TIANJIE CPE906-3 - Unauthenticated Password Disclosure
CVSS 7.5
CVE-2022-27891 MEDIUM
Palantir Gotham < 3.22.10.4 - Unauthenticated Active Username Enumeration
CVSS 5.3
CVE-2022-48300 HIGH
Huawei EMUI and HarmonyOS - Missing Authentication for Critical Function in WMS Module
CVSS 7.5
CVE-2022-48299 HIGH
Huawei EMUI and HarmonyOS - Missing Authentication for Critical Function in WMS Module
CVSS 7.5
CVE-2022-48289 HIGH
Huawei EMUI and HarmonyOS - Missing Authentication for Critical Function in Bundle Management Module
CVSS 7.5
CVE-2022-48288 HIGH
Huawei EMUI and HarmonyOS - Missing Authentication for Critical Function in Bundle Management Module
CVSS 7.5
CVE-2022-43761 CRITICAL
B&R APROL < R 4.2-07 - Info Disclosure
CVSS 9.4
CVE-2022-45190 MEDIUM
Microchip RN4870 1.43 - Missing Authentication for Critical Function via BLE Legacy Pairing
CVSS 5.3
CVE-2022-24990 HIGH KEV
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
CVSS 7.5
CVE-2022-3229 CRITICAL
Unified Remote < 3.11.0.2483 - Unauthenticated Remote Code Execution via Web Management Interface
CVSS 9.8
CVE-2022-42970 CRITICAL
Schneider Electric APC Easy UPS Online Monitoring Software < 2.5-GA-01-22320 - Unauthenticated Critical Function Access
CVSS 9.8