VYPR

CWE-306

Missing Authentication for Critical Function

BaseDraftLikelihood: High

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-166 · CAPEC-216 · CAPEC-36 · CAPEC-62

CVEs mapped to this weakness (964)

page 17 of 49
  • CVE-2021-47710HigDec 9, 2025
    risk 0.57cvss epss 0.00

    COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by…

  • CVE-2021-47709HigDec 9, 2025
    risk 0.57cvss epss 0.00

    COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.

  • CVE-2025-66555HigDec 4, 2025
    risk 0.57cvss epss 0.00

    AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

  • CVE-2020-36874HigNov 26, 2025
    risk 0.57cvss epss 0.01

    ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The…

  • CVE-2020-36873HigNov 26, 2025
    risk 0.57cvss epss 0.01

    Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring…

  • CVE-2020-36871HigNov 26, 2025
    risk 0.57cvss epss 0.01

    ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed…

  • CVE-2019-25227HigNov 26, 2025
    risk 0.57cvss epss 0.00

    Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The…

  • CVE-2019-25226HigNov 26, 2025
    risk 0.57cvss epss 0.00

    Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication…

  • CVE-2025-13483HigNov 25, 2025
    risk 0.57cvss epss 0.00

    SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

  • CVE-2024-14007HigNov 24, 2025
    risk 0.57cvss epss 0.01

    Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control…

  • CVE-2021-4469HigNov 14, 2025
    risk 0.57cvss epss 0.01

    Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image…

  • CVE-2021-4468HigNov 14, 2025
    risk 0.57cvss epss 0.01

    PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration…

  • CVE-2023-7329HigNov 12, 2025
    risk 0.57cvss epss 0.01

    Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings,…

  • CVE-2025-23293HigSep 30, 2025
    risk 0.57cvss 8.7epss 0.00

    NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.

  • CVE-2025-30037HigAug 27, 2025
    risk 0.57cvss epss 0.00

    The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.

  • CVE-2025-7774HigAug 14, 2025
    risk 0.57cvss epss 0.00

    A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions.

  • CVE-2025-20702HigAug 4, 2025
    risk 0.57cvss 8.8epss 0.05

    In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-20700HigAug 4, 2025
    risk 0.57cvss 8.8epss 0.06

    In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2025-34130HigJul 16, 2025
    risk 0.57cvss epss 0.01

    An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml,…

  • CVE-2025-34057HigJul 2, 2025
    risk 0.57cvss epss 0.06

    An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an…