CVE-2024-11980

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-306
View all →

Vulnerability Description

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.

Related Vulnerabilities

CVE-2017-1483

HIGH
CVSS:8.6(High)

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID:...

CWE-3062017

CVE-2018-17924

HIGH
CVSS:8.6(High)

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon...

CWE-3062018

CVE-2019-13933

HIGH
CVSS:8.6(High)

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V...

CWE-3062019

CVE-2019-7390

HIGH
CVSS:8.6(High)

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all cli...

CWE-3062019

CVE-2019-8993

HIGH
CVSS:8.6(High)

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMa...

CWE-3062019

CVE-2020-6235

HIGH
CVSS:8.6(High)

SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.

CWE-3062020