CVE-2023-25946

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.

Related Vulnerabilities

CVE-2012-3462

HIGH
CVSS:8.8(High)

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of...

CWE-2872012

CVE-2013-4863

HIGH
CVSS:8.8(High)

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 4...

CWE-2872013

CVE-2013-7051

HIGH
CVSS:8.8(High)

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CWE-2872013

CVE-2015-2880

HIGH
CVSS:8.8(High)

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-2872015

CVE-2015-6397

HIGH
CVSS:8.8(High)

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that accou...

CWE-2872015

CVE-2015-8332

HIGH
CVSS:8.8(High)

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...

CWE-2872015