Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a
Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.
CVE-2024-36068
CRITICAL CVSS 9.8
Find Similar
An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password h
Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the devic
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the curre
CVE-2025-22940
CRITICAL CVSS 9.1
Find Similar
Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password.
CVE-2019-16639
CRITICAL CVSS 9.8
Find Similar
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET comma
Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator
CVE-2024-40117
CRITICAL CVSS 9.8
Find Similar
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for
CVE-2025-28230
CRITICAL CVSS 9.1
Find Similar
Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attacke
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password.
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
Page 1+ Next →