A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
A specific administrative endpoint notifications is accessible without proper authentication.
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
A local low-privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
An unauthenticated debug port may allow access to the device file system.
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.