An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
A remote unauthenticated attacker may be able to bypass authentication
by utilizing a specific API route to execute arbitrary OS commands.
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
An unauthenticated remote attacker can access a URL which causes the device to reboot.
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potential
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP str
An unauthenticated attacker can hijack other users' devices and potentially control them.
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive
Page 1+ Next →