Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-13 | CVE-2020-5686 | Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | 7.5 |
2021-01-13 | CVE-2020-5633 | Improper Authentication vulnerability in NEC Baseboard Management Controller 1.07/1.09 Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. | 9.8 |
2021-01-06 | CVE-2020-36176 | Improper Authentication vulnerability in Ithemes Security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | 7.5 |
2021-01-06 | CVE-2012-10001 | Improper Authentication vulnerability in Limit Login Attempts Project Limit Login Attempts The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | 9.8 |
2021-01-04 | CVE-2020-35219 | Improper Authentication vulnerability in Asus Dsl-N17U Firmware 1.1.0.2 The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. | 9.8 |
2020-12-31 | CVE-2020-25848 | Improper Authentication vulnerability in Hgiga products HGiga MailSherlock contains a weak authentication flaw that allows attackers to gain privileges remotely via the default password generation mechanism. | 9.8 |
2020-12-30 | CVE-2020-35785 | Improper Authentication vulnerability in Netgear Dgn2200 Firmware 1.0.0.507.0.50/1.0.0.55/1.0.0.58 NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | 8.8 |
2020-12-29 | CVE-2020-9207 | Improper Authentication vulnerability in Huawei products There is an improper authentication vulnerability in some versions of Huawei CloudEngine product. | 7.8 |
2020-12-28 | CVE-2020-26030 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 9.8 |
2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |