CWE-656
10 CVEs classified under CWE-656. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-10286 | Critical | 9.4 | 2020-07-15 | the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gai… |
| CVE-2026-7161 | Critical | 9.3 | 2026-05-04 | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast pack… |
| CVE-2026-42363 | Critical | 9.3 | 2026-04-27 | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast pack… |
| CVE-2020-10284 | Critical | 9.1 | 2020-07-15 | No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a pass… |
| CVE-2024-9138 | High | 7.2 | 2025-01-03 | Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability invol… |
| CVE-2020-10277 | Medium | 6.4 | 2020-06-24 | There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file)… |
| CVE-2024-5244 | Medium | 5.0 | 2024-05-23 | TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages… |
| CVE-2025-59093 | | | 2026-01-26 | Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random valu… |
| CVE-2025-7020 | | | 2025-08-09 | An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with p… |
| CVE-2024-12297 | | | 2025-01-15 | Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server… |