Total
1281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2024-08-04 | 8.8 High |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | ||||
| CVE-2020-24217 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-08-04 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. | ||||
| CVE-2020-24051 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-08-04 | 9.8 Critical |
| The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user. | ||||
| CVE-2020-23648 | 1 Asus | 2 Rt-n12e, Rt-n12e Firmware | 2024-08-04 | 7.5 High |
| Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. | ||||
| CVE-2020-23512 | 1 Vr Cam | 2 P1, P1 Firmware | 2024-08-04 | 9.8 Critical |
| VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | ||||
| CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-08-04 | 9.8 Critical |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | ||||
| CVE-2020-21934 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. | ||||
| CVE-2020-21997 | 1 Smartwares | 2 Home Easy, Home Easy Firmware | 2024-08-04 | 7.5 High |
| Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control. | ||||
| CVE-2020-21996 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-08-04 | 7.5 High |
| AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | ||||
| CVE-2020-21936 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-08-04 | 5.3 Medium |
| An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. | ||||
| CVE-2020-20627 | 1 Givewp | 1 Givewp | 2024-08-04 | 5.3 Medium |
| The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | ||||
| CVE-2020-20472 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-08-04 | 5.3 Medium |
| White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. | ||||
| CVE-2020-19670 | 1 Niushop | 1 Niushop | 2024-08-04 | 4.9 Medium |
| In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | ||||
| CVE-2020-19419 | 1 Emerson | 2 Smart Wireless Gateway 1420, Smart Wireless Gateway 1420 Firmware | 2024-08-04 | 7.5 High |
| Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | ||||
| CVE-2020-17517 | 1 Apache | 1 Ozone | 2024-08-04 | 7.5 High |
| The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. | ||||
| CVE-2020-17475 | 1 Megvii | 2 Koala, Koala Firmware | 2024-08-04 | 7.5 High |
| Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. | ||||
| CVE-2020-16167 | 1 Robotemi | 1 Launcher Os | 2024-08-04 | 9.1 Critical |
| Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors. | ||||
| CVE-2020-16098 | 1 Gallagher | 1 Command Centre | 2024-08-04 | 9.8 Critical |
| It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported. | ||||
| CVE-2020-16102 | 1 Gallagher | 1 Command Centre | 2024-08-04 | 7.1 High |
| Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. | ||||
| CVE-2020-15894 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. | ||||