Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-36619 Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.10Cnb04
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
network
low complexity
dlink CWE-306
7.5
2022-08-31 CVE-2022-30317 Missing Authentication for Critical Function vulnerability in Honeywell Experion LX Firmware
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function.
network
low complexity
honeywell CWE-306
critical
9.1
2022-08-29 CVE-2022-37680 Missing Authentication for Critical Function vulnerability in Hitachi Hc-Ip9100Hd Firmware 1.07
An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi.
network
low complexity
hitachi CWE-306
7.5
2022-08-26 CVE-2022-36521 Missing Authentication for Critical Function vulnerability in Cskefu 7.0.1
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.
network
low complexity
cskefu CWE-306
7.5
2022-08-23 CVE-2022-35733 Missing Authentication for Critical Function vulnerability in Unimo products
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.
network
low complexity
unimo CWE-306
critical
9.8
2022-08-18 CVE-2022-37062 Missing Authentication for Critical Function vulnerability in Flir AX8 Firmware
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction.
network
low complexity
flir CWE-306
7.5
2022-08-17 CVE-2022-35122 Missing Authentication for Critical Function vulnerability in Ecowitt Gw1100 Firmware
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.
network
low complexity
ecowitt CWE-306
critical
9.1
2022-08-11 CVE-2022-2765 Missing Authentication for Critical Function vulnerability in Company Website CMS Project Company Website CMS 1.0
A vulnerability was found in SourceCodester Company Website CMS 1.0.
network
low complexity
company-website-cms-project CWE-306
critical
9.8
2022-07-28 CVE-2022-30313 Missing Authentication for Critical Function vulnerability in Honeywell Safety Manager Firmware
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function.
network
low complexity
honeywell CWE-306
7.5
2022-07-27 CVE-2022-36884 Missing Authentication for Critical Function vulnerability in Jenkins GIT
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
network
low complexity
jenkins CWE-306
5.3