Vulnerabilities > Missing Authentication for Critical Function
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-01-03 | CVE-2018-18995 | Missing Authentication for Critical Function vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware | Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. | 9.8 |
2019-01-03 | CVE-2018-18264 | Missing Authentication for Critical Function vulnerability in Kubernetes Dashboard | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | 7.5 |
2018-12-24 | CVE-2018-19248 | Missing Authentication for Critical Function vulnerability in Epson WorkForce WF-2861 Firmware 10.48LQ22I3/10.51.LQ20I6/10.52.LQ17IA | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | 9.1 |
2018-12-07 | CVE-2018-17924 | Missing Authentication for Critical Function vulnerability in Rockwell Automation products | Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules: an unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. | 8.6 |
2018-11-14 | CVE-2018-7357 | Missing Authentication for Critical Function vulnerability in ZTE ZXHN H168N Firmware | ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T has an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. | 8.8 |
2018-10-22 | CVE-2018-13114 | Missing Authentication for Critical Function vulnerability in Keruigroup YPC99 Firmware | Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by `ssid:;ping 192.168.1.2` in the body of a SETSSID command. | 9.8 |
2018-10-11 | CVE-2018-1745 | Missing Authentication for Critical Function vulnerability in IBM Security Key Lifecycle Manager | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. | 7.5 |
2018-10-10 | CVE-2018-16758 | Missing Authentication for Critical Function vulnerability in multiple products | Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | 5.9 |
2018-10-03 | CVE-2018-17880 | Missing Authentication for Critical Function vulnerability in D-Link DIR-823G Firmware | On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot. | 7.5 |
2018-09-28 | CVE-2018-5393 | Missing Authentication for Critical Function vulnerability in TP-Link EAP Controller | The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. | 9.8 |