Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2019-10-10 CVE-2019-9529 Missing Authentication for Critical Function vulnerability in Cobham Explorer 710 Firmware 1.07
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default.
local
low complexity
cobham CWE-306
5.5
5.5
2019-10-09 CVE-2019-15018 Missing Authentication for Critical Function vulnerability in Zingbox Inspector 1.280
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
network
low complexity
zingbox CWE-306
7.5
7.5
2019-10-09 CVE-2019-17354 Missing Authentication for Critical Function vulnerability in Zyxel Nbg-418N V2 Firmware 1.00(Aarp.9)C0
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
network
low complexity
zyxel CWE-306
critical
 9.4
9.4
2019-10-09 CVE-2019-17353 Missing Authentication for Critical Function vulnerability in Dlink Dir-615 Firmware 20.05/20.07
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07.
network
low complexity
dlink CWE-306
8.2
8.2
2019-10-08 CVE-2019-0379 Missing Authentication for Critical Function vulnerability in SAP Process Integration 1.0/2.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
network
low complexity
sap CWE-306
5.3
5.3
2019-10-08 CVE-2019-17186 Missing Authentication for Critical Function vulnerability in Fiberhome Hg2201T Firmware Hg2201T1.00.M5007Js201804
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
network
low complexity
fiberhome CWE-306
8.8
8.8
2019-10-07 CVE-2019-17232 Missing Authentication for Critical Function vulnerability in Etoilewebdesign Ultimate FAQ
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
network
low complexity
etoilewebdesign CWE-306
7.5
7.5
2019-10-06 CVE-2019-17219 Missing Authentication for Critical Function vulnerability in Vzug Combi-Stream Mslq Firmware Ethernetr07
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05.
low complexity
vzug CWE-306
8.8
8.8
2019-10-01 CVE-2019-8292 Missing Authentication for Critical Function vulnerability in Online Store System Project Online Store System 1.0
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
network
low complexity
online-store-system-project CWE-306
5.3
5.3
2019-10-01 CVE-2019-15940 Missing Authentication for Critical Function vulnerability in Govicture Pc530 Firmware 3.13.70
Victure PC530 devices allow unauthenticated TELNET access as root.
network
low complexity
govicture CWE-306
critical
 9.8
9.8