Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-34065 | Authentication Bypass by Capture-replay vulnerability in Strapi Strapi is an open-source content management system. | 8.1 |
| 2024-06-05 | CVE-2024-4009 | Authentication Bypass by Capture-replay vulnerability in ABB products Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System | 7.8 |
| 2024-01-23 | CVE-2023-46892 | Authentication Bypass by Capture-replay vulnerability in Meross Msh30Q Firmware 4.5.23 The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | 8.8 |
| 2024-01-11 | CVE-2023-50128 | Authentication Bypass by Capture-replay vulnerability in Hozard Alarm System 1.0 The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state. | 5.3 |
| 2023-12-05 | CVE-2022-46480 | Authentication Bypass by Capture-replay vulnerability in U-Tec Ultraloq UL3 BT Firmware 02.27.0012 Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range. | 8.1 |
| 2023-11-17 | CVE-2023-39547 | Authentication Bypass by Capture-replay vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | 8.8 |
| 2023-10-19 | CVE-2023-36857 | Authentication Bypass by Capture-replay vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | 6.5 |
| 2023-08-31 | CVE-2023-20900 | Authentication Bypass by Capture-replay vulnerability in multiple products A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 |
| 2023-07-20 | CVE-2023-34625 | Authentication Bypass by Capture-replay vulnerability in Showmojo Mojobox Firmware 1.4 ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. | 8.1 |
| 2023-07-06 | CVE-2022-48507 | Authentication Bypass by Capture-replay vulnerability in Huawei Emui and Harmonyos Vulnerability of identity verification being bypassed in the storage module. | 7.5 |