Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,452 vulnerabilities with CWE-306

CVE-2019-6542 HIGH

ENTTEC Datagate MK2, Storm 24, Pixelator Firmware < 70044_update_05032019-482 - Unauthenticated DoS via Remote Reboot

CVE-2019-7642 HIGH

D-Link DIR-817LW, DIR-816L, DIR-816, DIR-850L, and DIR-868L Firmware - Unauthenticated Information Disclosure

CVE-2019-6538 CRITICAL

Medtronic MyCareLink Monitor 24950 and 24952 - Unauthenticated Improper Access Control via Conexus Telemetry Protocol

CVE-2019-10042 HIGH

D-Link DIR-816 A2 1.11 - Unauthenticated Router Reset via LoadDefaultSettings API

CVE-2019-10041 CRITICAL

D-Link DIR-816 A2 1.11 - Auth Bypass

CVE-2019-10040 CRITICAL

D-Link DIR-816 A2 - Command Injection

CVE-2019-10039 CRITICAL

D-Link DIR-816 A2 1.11 - Auth Bypass

CVE-2019-3917 HIGH

Nokia I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 - Unauthenticated Telnetd Enablement via HTTP Request

CVE-2019-9484 HIGH

Glen Dimplex Deutschland GmbH - Info Disclosure

CVE-2019-9201 CRITICAL

Phoenix Contact ILC/AXC Firmware - Unauthenticated Info Disclosure & Directory Traversal via Port 1962

CVE-2019-9125 CRITICAL

D-Link DIR-878 1.12B01 - Unauthenticated Stack-Based Buffer Overflow via HNAP_AUTH HTTP Header

CVE-2019-9082 HIGH KEV

ThinkPHP < 3.2.4 - Remote Code Execution via Public Endpoint

CVE-2019-8985 CRITICAL

Netis WF2411 and WF2880 Firmware - Unauthenticated Stack-Based Buffer Overflow via HTTP Authorization Header

CVE-2019-0261 CRITICAL

SAP Landscape Management - Missing Authentication for Critical Function

CVE-2019-6543 CRITICAL

AVEVA InduSoft Web Studio - Missing Authentication for Critical Function

CVE-2019-6533 CRITICAL

PR100088 Modbus Gateway Firmware < r02 - Unauthenticated Register Read/Write via Web Interface

CVE-2019-7390 HIGH

D-Link DIR-823G Firmware 1.02B03 - Unauthenticated DNS Service Configuration Hijack via HNAP SetWanSettings API

CVE-2019-7389 HIGH

D-Link DIR-823G Firmware 1.02B03 - Unauthenticated Denial of Service via SetFactoryDefault HNAP API

CVE-2019-6447 HIGH

ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777

CVE-2019-0246 CRITICAL

SAP Cloud Connector < 2.11.3 - Missing Authentication for Critical Function

CVE-2018-25437 HIGH

WordPress CherryFramework Themes 3.1.4 Backup File Download

CVE-2018-25412 CRITICAL

Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

CVE-2018-25335 CRITICAL

WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

CVE-2018-25332 CRITICAL

GitBucket 4.23.1 Unauthenticated Remote Code Execution

CVE-2018-25259 HIGH

Terminal Services Manager 3.1 Buffer Overflow SEH

Previous Page 92 of 99 Next

Details

Vulnerabilities 2,452

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy