Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-50128 Authentication Bypass by Capture-replay vulnerability in Hozard Alarm System 1.0
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
high complexity
hozard CWE-294
5.3
2023-12-05 CVE-2022-46480 Authentication Bypass by Capture-replay vulnerability in U-Tec Ultraloq UL3 BT Firmware 02.27.0012
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
low complexity
u-tec CWE-294
8.1
2023-11-17 CVE-2023-39547 Authentication Bypass by Capture-replay vulnerability in NEC products
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
network
low complexity
nec CWE-294
8.8
2023-10-19 CVE-2023-36857 Authentication Bypass by Capture-replay vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
network
low complexity
bakerhughes CWE-294
6.5
2023-08-31 CVE-2023-20900 Authentication Bypass by Capture-replay vulnerability in multiple products
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
7.5
2023-07-20 CVE-2023-34625 Authentication Bypass by Capture-replay vulnerability in Showmojo Mojobox Firmware 1.4
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass.
low complexity
showmojo CWE-294
8.1
2023-07-06 CVE-2022-48507 Authentication Bypass by Capture-replay vulnerability in Huawei Emui and Harmonyos
Vulnerability of identity verification being bypassed in the storage module.
network
low complexity
huawei CWE-294
7.5
2023-06-30 CVE-2023-2846 Authentication Bypass by Capture-replay vulnerability in Mitsubishielectric products
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
network
low complexity
mitsubishielectric CWE-294
critical
9.1
2023-06-22 CVE-2023-34553 Authentication Bypass by Capture-replay vulnerability in Wafucn Wafu Keyless Smart Lock Firmware 1.0
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.
low complexity
wafucn CWE-294
6.5
2023-06-13 CVE-2023-33621 Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded.
network
high complexity
gl-inet CWE-294
5.9