CVE Vulnerability


CWE-287

CVE-2018-17534

February 26, 2023 by

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

CVE-2018-17431

February 26, 2023 by

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

CVE-2018-1738

February 26, 2023 by

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.

CVE-2018-17341

February 26, 2023 by

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a .. substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/.. URI.

CVE-2018-17213

February 26, 2023 by

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks.

CVE-2018-17153

February 26, 2023 by

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user’s IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user’s IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called “cgi_get_ipv6” that starts an admin session — tied to the IP address of the user making the request — if the additional parameter “flag” with the value “1” is provided. Subsequent invocations of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE