Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2019-12289 | Missing Authentication for Critical Function vulnerability in Vstracam C38S Firmware and C7824Wip Firmware An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. | 9.8 |
| 2019-05-23 | CVE-2019-12288 | Missing Authentication for Critical Function vulnerability in multiple products An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. | 9.8 |
| 2019-05-22 | CVE-2019-6808 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. | 9.8 |
| 2019-05-22 | CVE-2019-6820 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 | 8.2 |
| 2019-05-13 | CVE-2019-9727 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu3 Firmware Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. | 7.5 |
| 2019-05-13 | CVE-2019-7404 | Missing Authentication for Critical Function vulnerability in LG products An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. | 7.5 |
| 2019-05-08 | CVE-2019-5014 | Missing Authentication for Critical Function vulnerability in Wincofireworks Fw-1007 Firmware 2.0 An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. | 6.5 |
| 2019-05-07 | CVE-2019-7564 | Missing Authentication for Critical Function vulnerability in Coship products An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. | 9.8 |
| 2019-04-30 | CVE-2019-10950 | Missing Authentication for Critical Function vulnerability in Fujifilm products Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. | 9.8 |
| 2019-04-24 | CVE-2019-8993 | Missing Authentication for Critical Function vulnerability in Tibco products The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. | 9.8 |