Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2019-06-11 CVE-2019-11334 Authentication Bypass by Capture-replay vulnerability in Tzumi Klic Lock and Klic Smart Padlock Model 5686 Firmware
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay.
network
high complexity
tzumi CWE-294
3.7
2019-06-05 CVE-2019-9158 Authentication Bypass by Capture-replay vulnerability in Gemalto Ezio DS3 Server 2.6.1
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
low complexity
gemalto CWE-294
5.7
2019-06-04 CVE-2019-5307 Authentication Bypass by Capture-replay vulnerability in Huawei P30 Firmware
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability.
high complexity
huawei CWE-294
4.2
2019-04-11 CVE-2019-3915 Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
high complexity
verizon CWE-294
7.5
2019-03-21 CVE-2018-15498 Authentication Bypass by Capture-replay vulnerability in Ysoft Safeq Server Client 6.0.13.1
YSoft SafeQ Server 6 allows a replay attack.
network
high complexity
ysoft CWE-294
8.1
2019-03-11 CVE-2019-9659 Authentication Bypass by Capture-replay vulnerability in multiple products
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
network
low complexity
chuango eminent CWE-294
critical
9.1
2018-11-01 CVE-2018-7356 Authentication Bypass by Capture-replay vulnerability in ZTE Zxr10 8905E Firmware 3.03.10.B23P2
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
network
low complexity
zte CWE-294
7.5
2018-10-24 CVE-2018-17903 Authentication Bypass by Capture-replay vulnerability in Sagaradio Saga1-L8B Firmware
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
network
low complexity
sagaradio CWE-294
critical
9.1
2018-10-24 CVE-2018-17935 Authentication Bypass by Capture-replay vulnerability in Telecrane products
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission.
low complexity
telecrane CWE-294
8.1
2018-09-18 CVE-2018-17176 Authentication Bypass by Capture-replay vulnerability in Neatorobotics products
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices.
network
low complexity
neatorobotics CWE-294
7.5