Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,451 vulnerabilities with CWE-306

CVE-2020-10044 HIGH

SICAM MMU < 2.05, SICAM SGU, SICAM T < 2.18 - Unauthenticated Firmware Installation

CVE-2020-10038 CRITICAL

SICAM MMU < 2.05, SICAM SGU, SICAM T < 2.18 - Unauthenticated Administrative Command Execution

CVE-2020-6287 CRITICAL KEV

SAP NetWeaver AS JAVA - Missing Authentication Check

CVE-2020-10282 CRITICAL

Micro Air Vehicle Link 1.0 - Missing Authentication for Critical Function

CVE-2020-5910 HIGH

NGINX Controller - No Auth Required

CVE-2020-3402 HIGH

Cisco Unified Customer Voice Portal - Info Disclosure

CVE-2020-13382 CRITICAL

openSIS <= 7.4 - Unauthenticated PHP Code Execution

CVE-2020-15336 HIGH

Zyxel CloudCNM SecuManager <3.1.1 - Open Redirect

CVE-2020-15335 HIGH

Zyxel CloudCNM SecuManager <3.1.1 - CSRF

CVE-2020-11961 HIGH

Xiaomi R3600 Firmware < 1.0.50 - Unauthenticated Sensitive Information Disclosure via get_config_result Interface

CVE-2020-10272 CRITICAL

MiR Robot Firmware < 2.8.1.1 - Unauthenticated Remote Control via ROS Default Packages

CVE-2020-9480 CRITICAL

Apache Spark <= 2.4.5 - Unauthenticated Remote Code Execution via Standalone Resource Manager

CVE-2020-11969 CRITICAL

Apache TomEE 1.0.0-1.7.5, 7.0.0-M1-7.0.7, 7.1.0-7.1.2, 8.0.0-M1-8.0.1 - Unauthenticated JMX Access

CVE-2020-13150 HIGH

D-link DSL-2750U ISL2750UEME3.V1E - Info Disclosure

CVE-2020-1813 MEDIUM

HUAWEI P30 <10.1.0.135(C00E135R2P11 - Auth Bypass

CVE-2020-4471 MEDIUM

IBM Spectrum Protect Plus 10.1.0-10.1.5 - Unauthenticated Denial of Service via HTTP Command

CVE-2020-14048 HIGH

ManageEngine ServiceDesk Plus < 11.1 build 11115 - Unauthenticated Agent Installation Status Manipulation

CVE-2020-7589 CRITICAL

Siemens LOGO! 8 BM Firmware - Unauthenticated Configuration Read/Write via Port 135/tcp

CVE-2020-6263 CRITICAL

SAP NetWeaver AS Java - Auth Bypass

CVE-2020-12004 HIGH

Ignition Gateway < 7.9.14 - Unauthenticated Sensitive Information Disclosure

CVE-2020-5589 HIGH

SONY Wireless Headphones <4.5.2 - RCE

CVE-2020-10754 MEDIUM

NetworkManager < 1.22.14 - Improper Authentication via nmcli Profile Creation

CVE-2020-13838 LOW

Samsung Android P(9.0) and Q(10.0) - Unauthenticated Access to Quick Panel and Notifications via DeX Lockscreen

CVE-2020-13837 LOW

Android - Unauthenticated Quick Panel Access via Lockscreen

CVE-2020-3335 MEDIUM

Cisco Application Services Engine Software - Info Disclosure

Previous Page 80 of 99 Next

Details

Vulnerabilities 2,451

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy