CVE-2023-31411

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-306
View all →

Vulnerability Description

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.

Related Vulnerabilities

CVE-2006-0061

CRITICAL
CVSS:9.8(Critical)

xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.

CWE-3062006

CVE-2006-0062

CRITICAL
CVSS:9.8(Critical)

xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.

CWE-3062006

CVE-2014-3449

CRITICAL
CVSS:9.8(Critical)

BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability

CWE-3062014

CVE-2015-2888

CRITICAL
CVSS:9.8(Critical)

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

CWE-3062015

CVE-2016-2004

CRITICAL
CVSS:9.8(Critical)

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerab...

CWE-3062016

CVE-2016-5053

CRITICAL
CVSS:9.8(Critical)

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.

CWE-3062016