Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-31 | CVE-2018-9162 | Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15 Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | 7.5 |
| 2018-03-15 | CVE-2018-6223 | Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5 A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | 5.0 |
| 2018-03-09 | CVE-2018-0521 | Missing Authentication for Critical Function vulnerability in Buffalo Wxr-1900Dhp2 Firmware Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.3 |
| 2018-03-09 | CVE-2017-10854 | Missing Authentication for Critical Function vulnerability in Corega Cg-Wgr 1200 Firmware Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. | 5.8 |
| 2018-03-08 | CVE-2014-7271 | Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | 4.6 |
| 2018-03-08 | CVE-2018-4840 | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 5.0 |
| 2018-03-08 | CVE-2018-4838 | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). | 5.0 |
| 2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 7.5 |
| 2018-02-22 | CVE-2018-7301 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. | 7.5 |
| 2018-02-15 | CVE-2017-12720 | Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 6.8 |