Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-19	CVE-2023-23451	Missing Authentication for Critical Function vulnerability in Sick products The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. network low complexity sick CWE-306 critical	9.8
2023-04-18	CVE-2023-29411	Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. network low complexity schneider-electric CWE-306 critical	9.8
2023-04-15	CVE-2023-27571	Missing Authentication for Critical Function vulnerability in Commscope Dg3450 Firmware Ar01.02.056.18041520711.Ncs.10 An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. network low complexity commscope CWE-306	5.3
2023-04-13	CVE-2023-27747	Missing Authentication for Critical Function vulnerability in Blackvue Dr750-2Ch IR LTE Firmware and Dr750-2Ch LTE Firmware BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. network low complexity blackvue CWE-306	7.5
2023-04-11	CVE-2022-41331	Missing Authentication for Critical Function vulnerability in Fortinet Fortiproxy A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. network low complexity fortinet CWE-306 critical	9.8
2023-04-11	CVE-2023-24527	Missing Authentication for Critical Function vulnerability in SAP Netweaver AS Java for Deploy Service 7.5 SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity. network low complexity sap CWE-306	5.3
2023-03-29	CVE-2020-14140	Missing Authentication for Critical Function vulnerability in MI Xiaomi Router Firmware When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. network low complexity mi CWE-306	7.5
2023-03-27	CVE-2022-48291	Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos The Bluetooth module has an authentication bypass vulnerability in the pairing process. low complexity huawei CWE-306	6.5
2023-03-27	CVE-2023-1140	Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. network low complexity deltaww CWE-306 critical	9.8
2023-03-23	CVE-2023-28470	Missing Authentication for Critical Function vulnerability in Couchbase Server In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. network low complexity couchbase CWE-306	5.3