CWE-489 · Active Debug Code

79 CVEs classified under CWE-489 (Active Debug Code). Browse by severity and year.

Top CVEs for CWE-489
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4804 | Critical | 10.0 | 2023-11-10 | An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. |
| CVE-2026-49188 | Critical | 9.8 | 2026-06-04 | The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitra… |
| CVE-2024-9644 | Critical | 9.8 | 2025-02-04 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is… |
| CVE-2024-9643 | Critical | 9.8 | 2025-02-04 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An att… |
| CVE-2024-46873 | Critical | 9.8 | 2024-12-23 | Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated att… |
| CVE-2024-21785 | Critical | 9.8 | 2024-05-28 | A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of… |
| CVE-2024-32047 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the… |
| CVE-2024-28008 | Critical | 9.8 | 2024-03-28 | Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG120… |
| CVE-2023-34346 | Critical | 9.8 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet ca… |
| CVE-2023-32645 | Critical | 9.8 | 2023-10-11 | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can l… |
| CVE-2022-45677 | Critical | 9.8 | 2023-02-21 | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. |
| CVE-2023-22357 | Critical | 9.8 | 2023-01-17 | Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authent… |
| CVE-2022-29520 | Critical | 9.8 | 2022-10-25 | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-… |
| CVE-2022-32585 | Critical | 9.8 | 2022-06-30 | A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary com… |
| CVE-2019-10939 | Critical | 9.8 | 2020-04-14 | A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All version… |
| CVE-2026-40035 | Critical | 9.1 | 2026-04-08 | Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration… |
| CVE-2025-2486 | High | 8.8 | 2025-11-26 | The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot… |
| CVE-2024-36475 | High | 8.8 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to us… |
| CVE-2024-31406 | High | 8.8 | 2024-04-24 | Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with ac… |
| CVE-2022-38715 | High | 8.8 | 2023-01-26 | A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request… |