Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-49115 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
network
low complexity
machinesense CWE-306
7.5
2024-02-01 CVE-2023-49617 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.
network
low complexity
machinesense CWE-306
critical
9.1
2024-02-01 CVE-2023-6221 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access.
network
low complexity
machinesense CWE-306
6.5
2024-02-01 CVE-2024-22449 Missing Authentication for Critical Function vulnerability in Dell Powerscale Onefs
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability.
local
low complexity
dell CWE-306
7.8
2024-01-26 CVE-2024-23618 Missing Authentication for Critical Function vulnerability in Commscope Arris Surfboard Sbg6950Ac2 Firmware
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices.
network
low complexity
commscope CWE-306
critical
9.8
2024-01-19 CVE-2023-51947 Missing Authentication for Critical Function vulnerability in Actidata Actinas SL 2U-8 RDX Firmware 3.2.03
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
network
low complexity
actidata CWE-306
critical
9.1
2024-01-15 CVE-2023-5253 Missing Authentication for Critical Function vulnerability in Nozominetworks CMC and Guardian
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
network
low complexity
nozominetworks CWE-306
7.5
2024-01-13 CVE-2023-51062 Missing Authentication for Critical Function vulnerability in Qstar Archive Storage Manager 30
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.
network
low complexity
qstar CWE-306
5.3
2024-01-12 CVE-2023-31033 Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 00.19.07
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network .
low complexity
nvidia CWE-306
8.0
2024-01-12 CVE-2023-49255 Missing Authentication for Critical Function vulnerability in Hongdian H8951-4G-Esp Firmware
The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared.
network
low complexity
hongdian CWE-306
critical
9.8