Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2018-9119 | Missing Authentication for Critical Function vulnerability in Brilliantts Fuze Card BLE Firmware and Fuze Card MCU Firmware An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool. | 6.1 |
| 2018-03-31 | CVE-2018-9162 | Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15 Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | 9.8 |
| 2018-03-15 | CVE-2018-6223 | Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5 A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. | 9.8 |
| 2018-03-09 | CVE-2018-0521 | Missing Authentication for Critical Function vulnerability in Buffalo Wxr-1900Dhp2 Firmware 2.48 Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.8 |
| 2018-03-09 | CVE-2017-10854 | Missing Authentication for Critical Function vulnerability in Corega Cg-Wgr 1200 Firmware 2.20 Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. | 8.8 |
| 2018-03-08 | CVE-2014-7271 | Missing Authentication for Critical Function vulnerability in multiple products Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication. | 7.8 |
| 2018-03-08 | CVE-2018-4838 | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). | 7.5 |
| 2018-03-01 | CVE-2018-2368 | Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | 9.8 |
| 2018-02-22 | CVE-2018-7301 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. | 9.8 |
| 2018-02-15 | CVE-2017-12720 | Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 8.1 |