Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-620

CWE-620

Unverified Password Change

Parent: CWE-1390 - Weak Authentication

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

82 vulnerabilities with CWE-620

CVE-2021-34786 MEDIUM

Cisco BroadWorks CommPilot Application Software 22.0-22.0.2021.09 - Authenticated Unverified Password Change

CVE-2021-34785 MEDIUM

Cisco BroadWorks CommPilot 22.0-22.0.2021.09 Arbitrary Account Deletion & Privilege Escalation

CVE-2021-22773 MEDIUM

EVlink City/EVlink Parking/EVlink Smart Wallbox <R8 V3.4.0.1 - Unve...

CVE-2020-7378 CRITICAL

OpenCRX < 5.0-20200904 - Unauthenticated Unverified Password Change

CVE-2019-25653 MEDIUM

Navicat for Oracle 12.1.15 Password Field Denial of Service

CVE-2018-8916 MEDIUM

Synology DiskStation Manager < 6.2-23739 - Authenticated Unverified Password Change

CVE-2017-14005 HIGH

ProMinent MultiFLEX M10a - Privilege Escalation

Previous Page 4 of 4

Details

Vulnerabilities 82

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy