VYPR

CWE-912

Hidden Functionality

ClassIncomplete

Description

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the product's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-133 · CAPEC-190

CVEs mapped to this weakness (36)

page 1 of 2
  • CVE-2025-34117CriJul 16, 2025
    risk 0.68cvss epss 0.23

    A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated…

  • CVE-2026-41446CriApr 28, 2026
    risk 0.64cvss 9.8epss 0.00

    Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with…

  • CVE-2026-1952CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

  • CVE-2026-33280CriMar 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.

  • CVE-2024-5514CriMay 30, 2024
    risk 0.64cvss 9.8epss 0.01

    MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend…

  • CVE-2025-11544CriDec 22, 2025
    risk 0.62cvss epss 0.00

    Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

  • CVE-2024-10773CriDec 6, 2024
    risk 0.59cvss 9.0epss 0.01

    The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.

  • CVE-2024-3016CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated user.

  • CVE-2024-6045HigJun 17, 2024
    risk 0.58cvss 8.8epss 0.06

    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained…

  • CVE-2026-31847HigMar 23, 2026
    risk 0.57cvss 8.8epss 0.00

    Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an…

  • CVE-2025-30064HigAug 27, 2025
    risk 0.57cvss epss 0.00

    An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService…

  • CVE-2024-47001HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.01

    Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

  • CVE-2025-48416HigMay 21, 2025
    risk 0.53cvss 8.1epss 0.01

    An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This…

  • CVE-2025-1204HigFeb 25, 2025
    risk 0.50cvss epss 0.00

    The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an…

  • CVE-2025-0675HigFeb 7, 2025
    risk 0.49cvss 7.5epss 0.00

    Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

  • CVE-2025-0626HigJan 30, 2025
    risk 0.49cvss 7.5epss 0.01

    The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by…

  • CVE-2024-5633HigJul 9, 2024
    risk 0.49cvss epss 0.01

    Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.  An attacker with a knowledge of the available commands…

  • CVE-2024-22044HigMar 12, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create…

  • CVE-2026-7413HigMay 7, 2026
    risk 0.47cvss 7.2epss 0.01

    A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary…

  • CVE-2025-58778HigOct 16, 2025
    risk 0.47cvss 7.2epss 0.01

    Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to…