Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-40202 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication.
network
low complexity
deltaww CWE-306
critical
 9.8
9.8
2022-10-31 CVE-2022-41629 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory.
network
low complexity
deltaww CWE-306
critical
 9.1
9.1
2022-10-31 CVE-2022-41644 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges.
network
low complexity
deltaww CWE-306
8.8
8.8
2022-10-31 CVE-2022-41688 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups.
network
low complexity
deltaww CWE-306
7.5
7.5
2022-10-31 CVE-2022-41776 Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml.
network
low complexity
deltaww CWE-306
7.5
7.5
2022-10-28 CVE-2022-2474 Missing Authentication for Critical Function vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
low complexity
haascnc CWE-306
8.0
8.0
2022-10-26 CVE-2022-3674 Missing Authentication for Critical Function vulnerability in Sanitization Management System Project Sanitization Management System 1.0
A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical.
network
low complexity
sanitization-management-system-project CWE-306
critical
 9.8
9.8
2022-10-25 CVE-2022-27623 Missing Authentication for Critical Function vulnerability in Synology Diskstation Manager
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.
network
low complexity
synology CWE-306
critical
 9.1
9.1
2022-10-25 CVE-2022-38870 Missing Authentication for Critical Function vulnerability in Free5Gc 3.2.1
Free5gc v3.2.1 is vulnerable to Information disclosure.
network
low complexity
free5gc CWE-306
7.5
7.5
2022-10-20 CVE-2022-3327 Missing Authentication for Critical Function vulnerability in Ikus-Soft Rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
network
low complexity
ikus-soft CWE-306
critical
 9.8
9.8