CWE-494
Download of Code Without Integrity Check
Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-184 · CAPEC-185 · CAPEC-186 · CAPEC-187 · CAPEC-533 · CAPEC-538 · CAPEC-657 · CAPEC-662 · CAPEC-691 · CAPEC-692 · CAPEC-693 · CAPEC-695
CVEs mapped to this weakness (62)
Page 2 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30206 | — | High | 0.57 | 8.8 | 0.00 | — | May 14, 2024 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating… |
| CVE-2024-54126 | — | High | 0.55 | — | 0.00 | — | Dec 5, 2024 | This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading… |
| CVE-2025-1058 | — | High | 0.53 | 8.1 | 0.00 | — | Feb 13, 2025 | CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. |
| CVE-2016-6564 | — | High | 0.53 | 8.1 | 0.03 | — | Jul 13, 2018 | Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as… |
| CVE-2018-13012 | — | High | 0.53 | 8.1 | 0.01 | — | Jun 29, 2018 | Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting… |
| CVE-2008-3324 | — | High | 0.53 | 8.1 | 0.01 | — | Aug 18, 2008 | The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. |
| CVE-2008-3438 | — | High | 0.53 | 8.1 | 0.01 | — | Aug 1, 2008 | Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. |
| CVE-2025-52263 | — | High | 0.52 | 8.0 | 0.00 | — | Oct 27, 2025 | An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution. |
| CVE-2025-9319 | — | High | 0.49 | 7.5 | 0.00 | — | Sep 11, 2025 | A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions. |
| CVE-2024-52583 | — | High | 0.46 | 8.2 | 0.00 | — | Nov 18, 2024 | The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript… |
| CVE-2017-2707 | — | High | 0.46 | 7.1 | 0.00 | — | Nov 22, 2017 | Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send… |
| CVE-2026-30603 | — | Medium | 0.44 | 6.8 | 0.00 | — | Apr 2, 2026 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card. |
| CVE-2026-42575 | — | High | 0.42 | 7.5 | 0.00 | — | May 9, 2026 | apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is… |
| CVE-2025-11182 | — | Medium | 0.42 | 6.5 | 0.00 | — | Oct 2, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal. This issue affects ChangeFlow: All versions to v9.0.1.1. |
| CVE-2017-12740 | — | Medium | 0.38 | 5.9 | 0.01 | — | Dec 26, 2017 | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. |
| CVE-2026-3428 | — | Medium | 0.35 | — | 0.00 | — | Apr 16, 2026 | A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center (华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an… |
| CVE-2025-15575 | — | Medium | 0.34 | 5.3 | 0.00 | — | Feb 12, 2026 | The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks… |
| CVE-2026-32148 | — | Medium | 0.31 | 5.9 | 0.00 | — | Apr 30, 2026 | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked… |
| CVE-2025-10539 | — | Medium | 0.31 | 4.8 | 0.00 | — | Apr 28, 2026 | Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request.… |
| CVE-2018-14620 | — | Medium | 0.31 | 4.7 | 0.01 | — | Sep 10, 2018 | The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of… |