Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2019-7642 | Missing Authentication for Critical Function vulnerability in Dlink products D-Link routers with the mydlink feature have some web interfaces without authentication requirements. | 7.5 |
| 2019-03-25 | CVE-2019-10042 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 7.5 |
| 2019-03-25 | CVE-2019-10041 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-25 | CVE-2019-10040 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-25 | CVE-2019-10039 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-21 | CVE-2018-20220 | Missing Authentication for Critical Function vulnerability in Teracue products An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. | 7.5 |
| 2019-03-01 | CVE-2019-9484 | Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | 7.5 |
| 2019-02-26 | CVE-2019-9201 | Missing Authentication for Critical Function vulnerability in Phoenixcontact products Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 9.8 |
| 2019-02-25 | CVE-2019-9125 | Missing Authentication for Critical Function vulnerability in D-Link Dir-878 Firmware 1.12B01 An issue was discovered on D-Link DIR-878 1.12B01 devices. | 9.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 8.8 |