Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-04 | CVE-2020-35219 | Improper Authentication vulnerability in Asus Dsl-N17U Firmware 1.1.0.2 The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. | 9.8 |
| 2020-12-31 | CVE-2020-25848 | Improper Authentication vulnerability in Hgiga products HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | 9.8 |
| 2020-12-30 | CVE-2020-35785 | Improper Authentication vulnerability in Netgear Dgn2200 Firmware 1.0.0.507.0.50/1.0.0.55/1.0.0.58 NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | 8.8 |
| 2020-12-29 | CVE-2020-10148 | Improper Authentication vulnerability in Solarwinds Orion Platform 2019.4/2020.2/2020.2.1 The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. | 9.8 |
| 2020-12-29 | CVE-2020-9207 | Improper Authentication vulnerability in Huawei products There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. | 7.8 |
| 2020-12-28 | CVE-2020-26030 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 9.8 |
| 2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |
| 2020-12-22 | CVE-2020-24579 | Improper Authentication vulnerability in Dlink Dsl2888A Firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. | 8.8 |
| 2020-12-21 | CVE-2020-27254 | Improper Authentication vulnerability in Emerson products Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | 7.5 |
| 2020-12-17 | CVE-2020-27199 | Improper Authentication vulnerability in Magic Home PRO Project Magic Home PRO 1.5.1 The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. | 7.5 |