Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-306

CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,453 vulnerabilities with CWE-306

CVE-2017-17747 MEDIUM

TP-Link TL-SG108E v1.0.0 - Unauthenticated Denial of Service via Device Logout Functionality

CVE-2017-17746 MEDIUM

TP-Link TL-SG108E Firmware 1.0.0 - Missing Authentication for Critical Function via NAT Gateway IP

CVE-2017-3184 CRITICAL

ACTi D, B, I, and E series cameras >=A1D-500-V6.11.31-AC - Unauthenticated Factory Reset via Direct URL Access

CVE-2017-12155 MEDIUM

openstack-tripleo-heat-templates - Info Disclosure

CVE-2017-16241 HIGH

AMAG Symmetry Door Edge Network Controllers - RCE

CVE-2017-8156 MEDIUM

Huawei B2338-168 Firmware V100R001C00 - Unauthenticated Serial Port Access

CVE-2017-8155 HIGH

Huawei B2338-168 Firmware V100R001C00 - Unauthenticated Remote Command Execution via Specific Port

CVE-2017-2708 MEDIUM

Huawei Nice Firmware < Nice-AL00C00B0135 - Unauthenticated Authentication Bypass via Find Phone Function

CVE-2017-1523 HIGH

IBM InfoSphere Master Data Management Collaborative Edition 11.5 - Unauthenticated Report Download

CVE-2017-10271 HIGH KEV

Oracle WebLogic wls-wsat Component Deserialization RCE

CVE-2017-5637 HIGH

Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands

CVE-2017-12822 CRITICAL

Sentinel LDK RTE < 7.55 - Unauthenticated Admin Interface Enabling and Disabling

CVE-2017-13997 CRITICAL

Schneider Electric InduSoft Web Studio <8.0 SP2 - Auth Bypass

CVE-2017-14350 CRITICAL

HPE Application Performance Management <9.40 - RCE

CVE-2017-1483 HIGH

IBM Security Identity Manager 6.0-7.0 - Unauthenticated Critical Function Access

CVE-2017-14417 CRITICAL

D-Link DIR-850L <FW208WWb02 - Info Disclosure

CVE-2017-12733 CRITICAL

OPW SiteSentinel Integra 100/500 and iSite ATG Firmware < V175 - Unauthenticated Privilege Escalation

CVE-2017-12440 HIGH

OpenStack Aodh < 6.0.1 - Authenticated Trust ID Spoofing via Alarm Action Scheme

CVE-2017-6873 HIGH

Siemens OZW672/OZW772 - Info Disclosure

CVE-2017-6872 MEDIUM

Siemens OZW672/OZW772 - Info Disclosure

CVE-2017-4919 CRITICAL

VMware vCenter Server <6.5 - Privilege Escalation

CVE-2017-4055 HIGH

McAfee Advanced Threat Defense 3.4-3.10 - Unauthenticated Detection Bypass via Web Interface

CVE-2017-4052 CRITICAL

McAfee Advanced Threat Defense 3.4-3.10 - Authentication Bypass via HTTP Request

CVE-2017-10804 CRITICAL

Odoo 8.0, 9.0, 10.0 - Unauthenticated Authentication Bypass via Null Byte Truncation

CVE-2017-7315 CRITICAL

Humax Digital HG100R <2.0.6 - Info Disclosure

Previous Page 96 of 99 Next

Details

Vulnerabilities 2,453

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy