CWE-306— Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.— MITRE CWE catalog
2,404 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-306page 10 of 49
- CVE-2020-21996HIGHCVSS 7.5EG 7.52021-04-28
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
- CVE-2020-21997HIGHCVSS 7.5EG 7.52021-04-29
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session…
- CVE-2020-22661MEDIUMCVSS 6.5EG 6.52023-01-20
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) befo…
- CVE-2020-23256CRITICALCVSS 9.8EG 9.82023-01-20
An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service.
- CVE-2020-23448CRITICALCVSS 9.8EG 9.82021-01-26
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be byp…
- CVE-2020-23512CRITICALCVSS 9.8EG 9.82020-09-15
VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication.
- CVE-2020-23648HIGHCVSS 7.5EG 7.52022-10-19
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
- CVE-2020-24051CRITICALCVSS 9.8EG 9.82020-08-21
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF o…
- CVE-2020-24217CRITICALCVSS 9.8EG 9.82020-10-06
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware com…
- CVE-2020-24363HIGHCVSS 8.8EG 9.0⚠ KEV2020-08-31
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a …
- CVE-2020-24580HIGHCVSS 7.5EG 7.52020-12-22
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user.
- CVE-2020-25048MEDIUMCVSS 4.6EG 4.62020-08-31
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
- CVE-2020-25218CRITICALCVSS 9.8EG 9.82021-03-29
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
- CVE-2020-25228CRITICALCVSS 9.8EG 9.82020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker c…
- CVE-2020-25563CRITICALCVSS 9.8EG 9.82021-08-11
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.
- CVE-2020-25566CRITICALCVSS 9.8EG 9.82021-08-11
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the usern…
- CVE-2020-25621HIGHCVSS 8.4EG 8.42020-12-16
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
- CVE-2020-25634MEDIUMCVSS 5.4EG 5.42021-05-26
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.
- CVE-2020-25697HIGHCVSS 7.0EG 7.02021-05-26
A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to.
- CVE-2020-25747CRITICALCVSS 9.4EG 9.42020-09-25
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from…
- CVE-2020-25824LOWCVSS 2.4EG 2.42020-10-14
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker th…
- CVE-2020-25966HIGHCVSS 7.5EG 7.52020-10-28
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of t…
- CVE-2020-26061HIGHCVSS 7.5EG 7.52020-10-05
ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questio…
- CVE-2020-26173LOWCVSS 3.1EG 3.12020-12-18
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
- CVE-2020-26192HIGHCVSS 7.8EG 7.82021-02-09
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tam…
- CVE-2020-26567MEDIUMCVSS 5.5EG 5.52020-10-08
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.
- CVE-2020-26599MEDIUMCVSS 5.3EG 5.32020-10-06
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).
- CVE-2020-26649HIGHCVSS 8.1EG 8.12020-10-22
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php
- CVE-2020-26821CRITICALCVSS 10.0EG 10.02020-11-10
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of th…
- CVE-2020-26822CRITICALCVSS 10.0EG 10.02020-11-10
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and …
- CVE-2020-26823CRITICALCVSS 10.0EG 10.02020-11-10
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity…
- CVE-2020-26824CRITICALCVSS 10.0EG 10.02020-11-10
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availabilit…
- CVE-2020-26829CRITICALCVSS 10.0EG 10.02020-12-09
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the networ…
- CVE-2020-26876HIGHCVSS 7.5EG 7.52020-10-07
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs becaus…
- CVE-2020-26942CRITICALCVSS 9.1EG 9.12024-03-21
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin acc…
- CVE-2020-27019MEDIUMCVSS 5.5EG 5.52020-11-09
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
- CVE-2020-27225HIGHCVSS 7.8EG 7.82021-03-09
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Ec…
- CVE-2020-27272MEDIUMCVSS 5.7EG 5.72021-01-19
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unau…
- CVE-2020-27285CRITICALCVSS 9.1EG 9.12021-01-06
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
- CVE-2020-27376HIGHCVSS 8.8EG 8.82022-04-07
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.
- CVE-2020-27902MEDIUMCVSS 4.6EG 4.62020-12-08
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.
- CVE-2020-27985HIGHCVSS 7.8EG 7.82020-11-23
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
- CVE-2020-27986HIGHCVSS 7.5EG 7.52020-10-28
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to…
- CVE-2020-28899CRITICALCVSS 9.1EG 9.12021-03-16
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. …
- CVE-2020-28929CRITICALCVSS 9.8EG 9.82020-12-16
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
- CVE-2020-28937HIGHCVSS 7.5EG 7.52020-12-03
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in…
- CVE-2020-28946HIGHCVSS 7.5EG 7.52020-12-08
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could a…
- CVE-2020-29058CRITICALCVSS 9.8EG 9.82020-11-24
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD…
- CVE-2020-29138MEDIUMCVSS 5.3EG 5.32020-11-27
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any v…
- CVE-2020-29165CRITICALCVSS 9.8EG 9.82021-02-03
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
Map vulnerabilities like CWE-306 to your infrastructure
EchelonGraph correlates every CVE — across CWE-306 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →