CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,453 vulnerabilities with CWE-306
CVE-2018-7357 MEDIUM
ZTE ZXHN H168N Firmware <= V2.2.0_PK1.2T5 - Unauthenticated Critical Function Access
CVSS 6.5
CVE-2018-19079 HIGH
Foscam Opticam i5 Firmware 1.5.2.11/2.21.1.128 - Unauthenticated DoS via ONVIF SystemReboot
CVSS 7.5
CVE-2018-13114 CRITICAL
KERUI Wifi Endoscope Camera YPC99 - Unauthenticated OS Command Injection via SSID Parameter
CVSS 9.8
CVE-2018-1745 HIGH
IBM Security Key Lifecycle Manager 2.7.0-2.7.0.2 - Unauthenticated Server Restart
CVSS 7.5
CVE-2018-16758 MEDIUM
Tinc VPN <1.0.34 - Man-in-the-Middle
CVSS 5.9
CVE-2018-17880 HIGH
D-Link DIR-823G 2018-09-19 - Unauthenticated Reboot via HNAP1 RunReboot Command
CVSS 7.5
CVE-2018-5393 CRITICAL
TP-LINK EAP Controller <2.5.3 - Deserialization
CVSS 9.8
CVE-2018-14796 HIGH
Tec4Data SmartCooler < 180806 - Unauthenticated Denial of Service via Remote Reboot Command
CVSS 7.5
CVE-2018-1757 MEDIUM
IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4 - Sensitive Information Exposure
CVSS 5.3
CVE-2018-11247 CRITICAL
Nasdaq BWise 5.0 - Unauthenticated Remote Code Execution via JMX/RMI Interface
CVSS 9.8
CVE-2018-10603 CRITICAL
Martem TELEM GW6 and GWM Firmware < 2018.04.18-linux_4-01-601cb47 - Unauthenticated Remote Control via IEC-104 Commands
CVSS 9.8
CVE-2018-0377 CRITICAL
Cisco Policy Suite < 18.1.0 - Unauthenticated Remote File Access via OSGi Interface
CVSS 9.8
CVE-2018-0376 CRITICAL
Cisco Policy Suite < 18.2.0 - Unauthenticated Policy Builder Interface Access
CVSS 9.8
CVE-2018-0374 CRITICAL
Cisco Policy Suite < 18.2.0 - Unauthenticated Policy Builder Database Access
CVSS 9.8
CVE-2018-10635 CRITICAL
Universal Robots Robot Controllers CB 3.1-3.4.5-100 - RCE
CVSS 9.8
CVE-2018-7778 CRITICAL
Schneider-electric Evlink Charging Station Firmware < 3.2.0-12_v1 - Missing Authentication
CVSS 9.8
CVE-2018-4854 HIGH
SICLOCK TC100 and TC400 Firmware - Unauthenticated Administrative Client Tampering via TFTP
CVSS 8.8
CVE-2018-4853 CRITICAL
SICLOCK TC100 and TC400 Firmware - Unauthenticated Firmware Modification via Port 69/UDP
CVSS 9.8
CVE-2018-8016 CRITICAL
Apache Cassandra 3.8-3.11.1 - Unauthenticated Remote Code Execution via JMX/RMI Interface
CVSS 9.8
CVE-2018-11476 HIGH
Vgate iCar 2 Wi-Fi OBD2 Dongle - Unauthenticated Network Access via Unprotected WLAN
CVSS 8.8
CVE-2018-5486 HIGH
NetApp OnCommand Unified Manager <7.4 - RCE
CVSS 7.8
CVE-2018-5339 CRITICAL
Zoho ManageEngine Desktop Central <10.0.184 - Info Disclosure
CVSS 9.8
CVE-2018-5338 CRITICAL
Zoho ManageEngine Desktop Central <10.0.184 - Info Disclosure
CVSS 9.8
CVE-2018-0554 HIGH
Buffalo WZR-1750DHP2 Firmware < 2.30 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2018-9119 MEDIUM
BrilliantTS FUZE Card BLE and MCU Firmware - Unauthenticated Data Extraction and Tampering via Bluetooth
CVSS 6.1