Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2019-10041 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-25 | CVE-2019-10040 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-25 | CVE-2019-10039 | Missing Authentication for Critical Function vulnerability in Dlink Dir-816 Firmware 1.11 The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. | 9.8 |
| 2019-03-21 | CVE-2018-20220 | Missing Authentication for Critical Function vulnerability in Teracue products An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. | 7.5 |
| 2019-03-01 | CVE-2019-9484 | Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | 7.5 |
| 2019-02-26 | CVE-2019-9201 | Missing Authentication for Critical Function vulnerability in Phoenixcontact products Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 9.8 |
| 2019-02-25 | CVE-2019-9125 | Missing Authentication for Critical Function vulnerability in D-Link Dir-878 Firmware 1.12B01 An issue was discovered on D-Link DIR-878 1.12B01 devices. | 9.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 8.8 |
| 2019-02-21 | CVE-2019-8985 | Missing Authentication for Critical Function vulnerability in Netis-Systems Wf2411 Firmware and Wf2880 Firmware On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. | 9.8 |
| 2019-02-15 | CVE-2019-0261 | Missing Authentication for Critical Function vulnerability in SAP Landscape Management 3.0 Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. | 9.8 |