Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2023-6374 Authentication Bypass by Capture-replay vulnerability in Mitsubishielectric Melsec Ws0-Geth00200 Firmware
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module.
network
low complexity
mitsubishielectric CWE-294
7.5
2024-01-23 CVE-2023-46892 Authentication Bypass by Capture-replay vulnerability in Meross Msh30Q Firmware 4.5.23
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).
low complexity
meross CWE-294
8.8
2024-01-11 CVE-2023-50128 Authentication Bypass by Capture-replay vulnerability in Hozard Alarm System 1.0
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
high complexity
hozard CWE-294
5.3
2023-12-05 CVE-2022-46480 Authentication Bypass by Capture-replay vulnerability in U-Tec Ultraloq UL3 BT Firmware 02.27.0012
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
low complexity
u-tec CWE-294
8.1
2023-11-17 CVE-2023-39547 Authentication Bypass by Capture-replay vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker to log in to the product, who may then execute an arbitrary command.
network
low complexity
nec CWE-294
8.8
2023-11-14 CVE-2023-45794 Authentication Bypass by Capture-replay vulnerability in Siemens Mendix
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10).
network
low complexity
siemens CWE-294
8.1
2023-10-19 CVE-2023-36857 Authentication Bypass by Capture-replay vulnerability in Bakerhughes Bently Nevada 3500 System Firmware 5.0.5
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
network
low complexity
bakerhughes CWE-294
6.5
2023-09-19 CVE-2023-41890 Authentication Bypass by Capture-replay vulnerability in Sustainsys Saml2
Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider.
network
low complexity
sustainsys CWE-294
7.5
2023-09-03 CVE-2023-39373 Authentication Bypass by Capture-replay vulnerability in Hyundai 2017 Firmware
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
low complexity
hyundai CWE-294
6.5
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
7.5