Vulnerabilities > Missing Authentication for Critical Function

DATE | CVE | VULNERABILITY TITLE | RISK

2019-07-29 | CVE-2019-3948 | Missing Authentication for Critical Function vulnerability in multiple products | 7.5
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk.
network | low complexity | amcrest dahua | CWE-306

2019-07-19 | CVE-2019-1010136 | Missing Authentication for Critical Function vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2001En00 | 7.5
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot.
network | low complexity | chinamobileltd | CWE-306

2019-07-19 | CVE-2019-13983 | Missing Authentication for Critical Function vulnerability in Rangerstudio Directus 7 API | critical 9.8
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
network | low complexity | rangerstudio | CWE-306

2019-07-11 | CVE-2019-10915 | Missing Authentication for Critical Function vulnerability in Siemens Sinetplan and TIA Administrator | 7.8
A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1).
local | low complexity | siemens | CWE-306

2019-07-10 | CVE-2019-12468 | Missing Authentication for Critical Function vulnerability in multiple products | critical 9.8
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1.
network | low complexity | mediawiki debian | CWE-306

2019-07-10 | CVE-2019-10121 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware | critical 9.8
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks.
network | low complexity | eq-3 | CWE-306

2019-07-10 | CVE-2019-10119 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware | critical 9.8
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks.
network | low complexity | eq-3 | CWE-306

2019-07-09 | CVE-2019-13338 | Missing Authentication for Critical Function vulnerability in Weseek Growi | 7.5
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata.
network | low complexity | weseek | CWE-306

2019-07-09 | CVE-2019-11020 | Missing Authentication for Critical Function vulnerability in Ddrt Dashcom Live Firmware 20190509 | 7.5
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.
network | low complexity | ddrt | CWE-306

2019-07-09 | CVE-2019-11019 | Missing Authentication for Critical Function vulnerability in Ddrt Dashcom Live Firmware 20190508 | 7.5
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.
network | low complexity | ddrt | CWE-306