Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2018-21121 Improper Authentication vulnerability in Netgear products
Certain NETGEAR devices are affected by authentication bypass.
low complexity
netgear CWE-287
8.8
2020-04-22 CVE-2018-21118 Improper Authentication vulnerability in Netgear Xr500 Firmware 2.3.2.22
NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.
low complexity
netgear CWE-287
8.8
2020-04-22 CVE-2017-18776 Improper Authentication vulnerability in Netgear products
Certain NETGEAR devices are affected by authentication bypass.
local
low complexity
netgear CWE-287
8.4
2020-04-22 CVE-2017-18772 Improper Authentication vulnerability in Netgear products
Certain NETGEAR devices are affected by authentication bypass.
low complexity
netgear CWE-287
8.8
2020-04-22 CVE-2020-11796 Improper Authentication vulnerability in Jetbrains Space
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.
network
low complexity
jetbrains CWE-287
critical
9.8
2020-04-21 CVE-2020-5268 Improper Authentication vulnerability in Sustainsys Saml2
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases.
network
low complexity
sustainsys CWE-287
7.3
2020-04-21 CVE-2020-11965 Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH.
network
low complexity
evenroute CWE-287
critical
9.8
2020-04-21 CVE-2020-11964 Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily.
network
low complexity
evenroute CWE-287
7.5
2020-04-20 CVE-2020-9277 Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.
network
low complexity
dlink CWE-287
critical
9.8
2020-04-20 CVE-2020-9070 Improper Authentication vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.133(C00E132R5P1)/10.0.0.203(C00E201R7P2)/10.0.0.41(Sp2C00E41R3P2)
Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability.
local
low complexity
huawei CWE-287
5.5