Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,453 vulnerabilities with CWE-306

CVE-2018-9162 CRITICAL

Contec Smart Home 4.15 - Unauthenticated User Management via new_user.php

CVE-2018-6223 CRITICAL

Trend Micro Email Encryption Gateway 5.5 - Unauthenticated Appliance Registration Manipulation

CVE-2018-0521 HIGH

Buffalo WXR-1900DHP2 Firmware < 2.48 - Unauthenticated Remote Code Execution

CVE-2018-4840 HIGH

Siemens DIGSI 4 < 4.92 and EN100 Ethernet Modules - Unauthenticated Device Configuration Upload

CVE-2018-4838 HIGH

Siemens EN100 Ethernet Module - Unauthenticated Firmware Upgrade/Downgrade via Web Interface

CVE-2018-2368 CRITICAL

SAP NetWeaver System Landscape Directory LM-CORE 7.10-7.40 - Missing Authentication for Critical Function

CVE-2018-7301 CRITICAL

eQ-3 HomeMatic CCU2 2.29.22 - Unauthenticated XML-RPC Request Handling

CVE-2018-1164 CRITICAL

ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5 - DoS

CVE-2018-0127 CRITICAL

Cisco RV132W and RV134W - Unauthenticated Information Disclosure via Web Interface

CVE-2018-4834 CRITICAL

Siemens Desigo PXC/PXM - Unauthenticated Firmware Upload

CVE-2018-2360 HIGH

SAP KERNEL 7.45, 7.49, 7.52 - Missing Authentication for Critical Function

CVE-2017-20222 HIGH

Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot

CVE-2017-20220 HIGH

Serviio PRO 1.8 Unauthenticated Password Change via REST API

CVE-2017-20217 HIGH

Serviio PRO 1.8 REST API Information Disclosure

CVE-2017-20213 HIGH

FLIR Thermal Camera F/FC/PT/D Stream <8.0.0.64 - Info Disclosure

CVE-2017-15123 MEDIUM

Red Hat CloudForms Management Engine 5.8-5.10 - Unauthenticated Sensitive Information Exposure via RSS Feed

CVE-2017-12575 HIGH

NEC Aterm WG2600HP2 1.0.2 - Unauthenticated Information Disclosure via Web API

CVE-2017-2637 CRITICAL

Red Hat OpenStack Platform - Unauthenticated Libvirtd Access via Live-Migration Configuration

CVE-2017-3217 HIGH

CalAmp LMU 3030 OBD-II/CDMA/GSM Firmware - Unauthenticated Administrative Command Execution via SMS Interface

CVE-2017-3209 HIGH

DBPOWER U818A Firmware - Unauthenticated Arbitrary File Read and Write via Anonymous FTP Access

CVE-2017-2638 MEDIUM

Infinispan < 9.0.0 - Unauthenticated Data Access via REST API

CVE-2017-0919 HIGH

GitLab <10.1.6-10.3.4 - Auth Bypass

CVE-2017-10854 HIGH

Corega CG-WGR1200 Firmware < 2.20 - Unauthenticated Password Change

CVE-2017-12720 HIGH

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Unauthenticated FTP Access

CVE-2017-18001 CRITICAL

Trustwave Secure Web Gateway <= 11.8.0.27 - Unauthenticated SSH Key Injection via /sendKey PublicKey Parameter

Previous Page 95 of 99 Next

Details

Vulnerabilities 2,453

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy