Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,438 vulnerabilities with CWE-306

CVE-2021-41418 CRITICAL

AriaNg 0.1.0-1.2.2 - Unauthenticated Incorrect Access Control

CVE-2021-42893 HIGH

TOTOLINK EX1200T V4.1.2cu.5215 - Unauthenticated Sensitive Information Exposure via getSysStatusCfg

CVE-2021-42891 HIGH

TOTOLINK EX1200T V4.1.2cu.5215 - Unauthenticated Sensitive Information Disclosure

CVE-2021-42889 HIGH

TOTOLINK EX1200T V4.1.2cu.5215 - Unauthenticated Sensitive Information Exposure

CVE-2021-25094 HIGH

Tatsu Wordpress Plugin RCE

CVE-2021-43483 HIGH

CLARO KAON CG3000 <1.00.67 - Info Disclosure

CVE-2021-33008 HIGH

AVEVA System Platform <2020 R2 P01 - Auth Bypass

CVE-2021-20238 LOW

OpenShift Container Platform - Unauthenticated Sensitive Data Exposure via Machine Config Server Endpoint

CVE-2021-46009 CRITICAL

Totolink A3100R V5.9c.4577 - Info Disclosure

CVE-2021-46006 MEDIUM

Totolink A3100R V5.9c.4577 - Unauthenticated Configuration Modification via test.asp

CVE-2021-3589 HIGH

Foreman Ansible - Privilege Escalation

CVE-2021-45878 CRITICAL

GARO Wallbox GLB/GTB/GTC Firmware < 185 - Unauthenticated Incorrect Access Control

CVE-2021-44262 HIGH

Netgear WAC104 < 1.0.4.13 - Unauthenticated Information Exposure via MNU_top.htm

CVE-2021-44261 MEDIUM

Netgear WAC104 < 1.0.4.13 - Unauthenticated Information Exposure via BRS_top.html

CVE-2021-44260 HIGH

WAVLINK AC1200 WAVLINK-A42W-1.27.6-20180418 - Unauthenticated Information Disclosure via live_mfg.html

CVE-2021-44259 CRITICAL

WAVLINK AC1200 WAVLINK-A42W-1.27.6-20180418 - Unauthenticated Access via wx.html Page

CVE-2021-33658 HIGH

atune <0.3-0.8 - Privilege Escalation

CVE-2021-46384 CRITICAL

MCMS <=5.2.5 - Unauthenticated Remote Code Execution via Freemarker Template Utility

CVE-2021-46371 HIGH

antd-admin <5.5.0 - Info Disclosure

CVE-2021-45420 CRITICAL

Emerson Dixell XWEB-500 Firmware - Unauthenticated Arbitrary File Write via logo_extra_upload.cgi

CVE-2021-22823 CRITICAL

IGSS dc.exe <15.0.0.21320 - Missing Authentication

CVE-2021-22805 CRITICAL

IGSS dc.exe <15.0.0.21243 - Missing Authentication

CVE-2021-31814 MEDIUM

Stormshield Network Security 1.1.0 2.1.0-2.9.0 - Missing Authentication for Critical Function

CVE-2021-21964 HIGH

Sealevel SeaConnect 370W Firmware 1.3.34 - Denial of Service via Modbus Configuration

CVE-2021-44255 HIGH

MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 - Authenticated Remote Code Execution via Malicious Configuration Backup

Previous Page 67 of 98 Next

Details

Vulnerabilities 2,438

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy