Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2019-18465 Missing Authentication for Critical Function vulnerability in Ipswitch Moveit Transfer 11.1/11.1.1
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface.
network
ipswitch CWE-306
6.8
6.8
2019-10-29 CVE-2019-3978 Missing Authentication for Critical Function vulnerability in Mikrotik Routeros
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291.
network
low complexity
mikrotik CWE-306
5.0
5.0
2019-10-25 CVE-2019-13549 Missing Authentication for Critical Function vulnerability in Carel Pcoweb Firmware A1.5.3/A2.0.4/B1.2.4
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4.
network
low complexity
carel CWE-306
5.0
5.0
2019-10-25 CVE-2019-13525 Missing Authentication for Critical Function vulnerability in Honeywell Ip-Ak2 Firmware
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
network
low complexity
honeywell CWE-306
5.0
5.0
2019-10-17 CVE-2019-15064 Missing Authentication for Critical Function vulnerability in Hinet Gpon Firmware
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
network
low complexity
hinet CWE-306
7.5
7.5
2019-10-16 CVE-2019-17512 Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers.
network
low complexity
dlink CWE-306
6.4
6.4
2019-10-16 CVE-2019-15282 Missing Authentication for Critical Function vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device.
network
low complexity
cisco CWE-306
5.0
5.0
2019-10-14 CVE-2019-17511 Missing Authentication for Critical Function vulnerability in Dlink Dir-412 Firmware A11.14Ww
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers.
network
low complexity
dlink CWE-306
5.0
5.0
2019-10-11 CVE-2019-17506 Missing Authentication for Critical Function vulnerability in Dlink Dir-817Lw A1 Firmware and Dir-868L B1 Firmware
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers.
network
low complexity
dlink CWE-306
critical
 10.0
10
2019-10-11 CVE-2019-17505 Missing Authentication for Critical Function vulnerability in Dlink Dap-1320 A2 Firmware 1.21
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml.
network
low complexity
dlink CWE-306
5.0
5.0