CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-306

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-42783 306 2021-11-23 2021-11-29
10.0
None Remote Low Not required Complete Complete Complete
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
2 CVE-2021-28913 306 2021-09-09 2021-09-20
10.0
None Remote Low Not required Complete Complete Complete
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH root access.
3 CVE-2021-27255 306 Exec Code 2021-03-05 2021-03-16
8.3
None Local Network Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360.
4 CVE-2021-22279 306 2021-12-13 2021-12-17
9.3
None Remote Medium Not required Complete Complete Complete
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
5 CVE-2021-1393 306 +Priv 2021-02-24 2021-03-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.
6 CVE-2020-35469 306 2020-12-16 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
7 CVE-2020-35468 306 2020-12-16 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
8 CVE-2020-35467 306 2020-12-15 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
9 CVE-2020-35466 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.
10 CVE-2020-35465 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password.
11 CVE-2020-35464 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
12 CVE-2020-35463 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
13 CVE-2020-35462 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.
14 CVE-2020-35197 306 2020-12-17 2020-12-22
10.0
None Remote Low Not required Complete Complete Complete
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
15 CVE-2020-35196 306 2020-12-17 2020-12-22
10.0
None Remote Low Not required Complete Complete Complete
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
16 CVE-2020-35195 306 2020-12-17 2020-12-21
10.0
None Remote Low Not required Complete Complete Complete
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
17 CVE-2020-35193 306 2020-12-16 2020-12-21
10.0
None Remote Low Not required Complete Complete Complete
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
18 CVE-2020-35192 306 2020-12-17 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
19 CVE-2020-35191 306 2020-12-17 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
20 CVE-2020-35190 306 2020-12-17 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
21 CVE-2020-35189 306 2020-12-17 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
22 CVE-2020-35187 306 2020-12-17 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
23 CVE-2020-35186 306 2020-12-17 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
24 CVE-2020-35185 306 2020-12-17 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
25 CVE-2020-35184 306 2020-12-17 2021-07-08
10.0
None Remote Low Not required Complete Complete Complete
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
26 CVE-2020-29389 306 2020-12-02 2020-12-22
10.0
None Remote Low Not required Complete Complete Complete
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
27 CVE-2020-25228 306 2020-12-14 2020-12-16
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.
28 CVE-2020-24363 306 2020-08-31 2020-09-08
8.3
None Local Network Low Not required Complete Complete Complete
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
29 CVE-2020-15798 306 2021-02-09 2021-08-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
30 CVE-2020-12017 306 Exec Code Bypass 2020-06-02 2020-06-08
9.0
None Remote Low Not required Partial Partial Complete
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system.
31 CVE-2020-10272 306 2020-06-24 2020-07-06
10.0
None Remote Low Not required Complete Complete Complete
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
32 CVE-2020-10265 306 2020-04-06 2020-04-06
9.0
None Remote Low Not required Partial Partial Complete
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.
33 CVE-2020-9473 306 2020-04-06 2020-05-14
8.5
None Remote Medium ??? Complete Complete Complete
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
34 CVE-2020-8636 306 Exec Code 2020-02-06 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution .
35 CVE-2020-7389 306 2021-07-22 2021-08-04
9.0
None Remote Low ??? Complete Complete Complete
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
36 CVE-2020-7115 306 Exec Code Bypass 2020-06-03 2020-07-08
10.0
None Remote Low Not required Complete Complete Complete
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
37 CVE-2020-6207 306 2020-03-10 2021-06-17
10.0
None Remote Low Not required Complete Complete Complete
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
38 CVE-2020-5589 306 2020-06-09 2020-06-23
8.3
None Local Network Low Not required Complete Complete Complete
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
39 CVE-2020-5328 306 2020-03-06 2020-03-09
10.0
None Remote Low Not required Complete Complete Complete
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.
40 CVE-2020-3531 306 +Info CSRF 2020-11-18 2020-12-02
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
41 CVE-2019-17506 306 2019-10-11 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
42 CVE-2019-17146 306 Exec Code 2020-01-07 2021-10-29
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458.
43 CVE-2019-15940 306 2019-10-01 2019-10-04
10.0
None Remote Low Not required Complete Complete Complete
Victure PC530 devices allow unauthenticated TELNET access as root.
44 CVE-2019-15068 306 2019-09-25 2020-10-16
10.0
None Remote Low Not required Complete Complete Complete
A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
45 CVE-2019-13547 306 2019-10-31 2021-05-13
10.0
None Remote Low Not required Complete Complete Complete
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
46 CVE-2019-13405 306 2019-08-29 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software.
47 CVE-2019-12506 306 2019-06-07 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
48 CVE-2019-12505 306 2019-06-07 2020-08-24
8.3
None Local Network Low Not required Complete Complete Complete
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
49 CVE-2019-12503 306 2019-12-02 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
50 CVE-2019-12289 306 Exec Code 2019-05-23 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
Total number of vulnerabilities : 80   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.