CWE-656
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-656
- CVE-2020-10277 | MEDIUM | CVSS 6.4 | EG 6.4 | 2020-06-24
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on th…
- CVE-2020-10284 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-07-15
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the men…
- CVE-2020-10286 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-15
The main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that dis…
- CVE-2024-5244 | MEDIUM | CVSS 4.2 | EG 4.2 | 2024-05-23
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not…
- CVE-2026-42363 | CRITICAL | CVSS 9.3 | EG 9.3 | 2026-04-27
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages t…