VYPR

CWE-306

Missing Authentication for Critical Function

BaseDraftLikelihood: High

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-12 · CAPEC-166 · CAPEC-216 · CAPEC-36 · CAPEC-62

CVEs mapped to this weakness (964)

page 19 of 49
  • CVE-2018-0521HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.

  • CVE-2017-10854HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

  • CVE-2016-7830HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative…

  • CVE-2017-3819HigMar 15, 2017
    risk 0.57cvss 8.8epss 0.03

    A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root…

  • CVE-2026-50085HigJun 12, 2026
    risk 0.56cvss 8.6epss 0.00

    The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS…

  • CVE-2026-4436HigApr 9, 2026
    risk 0.56cvss 8.6epss 0.00

    A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

  • CVE-2025-15620HigApr 2, 2026
    risk 0.56cvss 8.6epss 0.01

    HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers…

  • CVE-2025-27935HigDec 4, 2025
    risk 0.56cvss epss 0.00

    The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

  • CVE-2025-61673HigOct 3, 2025
    risk 0.56cvss 8.6epss 0.00

    Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token…

  • CVE-2016-15046HigJul 25, 2025
    risk 0.56cvss epss 0.01

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw…

  • CVE-2024-12757HigJan 17, 2025
    risk 0.56cvss 8.6epss 0.01

    Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code.

  • CVE-2024-11980HigNov 29, 2024
    risk 0.56cvss 8.6epss 0.00

    Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.

  • CVE-2018-17924HigDec 7, 2018
    risk 0.56cvss 8.6epss 0.04

    Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even…

  • CVE-2017-1483HigSep 28, 2017
    risk 0.56cvss 8.6epss 0.01

    IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.

  • CVE-2026-6272HigApr 24, 2026
    risk 0.55cvss epss 0.00

    A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API…

  • CVE-2018-25259HigApr 22, 2026
    risk 0.55cvss 8.4epss 0.00

    Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump…

  • CVE-2018-25225HigMar 28, 2026
    risk 0.55cvss 8.4epss 0.00

    SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack…

  • CVE-2018-25224HigMar 28, 2026
    risk 0.55cvss 8.4epss 0.00

    PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack…

  • CVE-2019-25483HigMar 11, 2026
    risk 0.55cvss 8.4epss 0.00

    Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed…

  • CVE-2026-27182HigFeb 18, 2026
    risk 0.55cvss 8.4epss 0.01

    Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized…