CVE-2023-44413

MEDIUM Year: 2023
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the shutdown_coreserver action. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-19572.

Related Vulnerabilities

CVE-2018-16758

MEDIUM
CVSS:5.9(Medium)

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

CWE-3062018

CVE-2019-10886

MEDIUM
CVSS:5.9(Medium)

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attack...

CWE-3062019

CVE-2019-5163

MEDIUM
CVSS:5.9(Medium)

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FA...

CWE-3062019

CVE-2020-13920

MEDIUM
CVSS:5.9(Medium)

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and cal...

CWE-3062020

CVE-2021-28124

MEDIUM
CVSS:5.9(Medium)

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions ca...

CWE-3062021