CWE-912 · Hidden Functionality

79 CVEs classified under CWE-912 (Hidden Functionality). Browse by severity and year.

Top CVEs for CWE-912
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-3587 | Critical | 10.0 | 2026-03-23 | An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. |
| CVE-2024-39754 | Critical | 10.0 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to ro… |
| CVE-2026-41446 | Critical | 9.8 | 2026-04-28 | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address… |
| CVE-2026-1952 | Critical | 9.8 | 2026-04-24 | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. |
| CVE-2026-33280 | Critical | 9.8 | 2026-03-27 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, result… |
| CVE-2010-20103 | Critical | 9.8 | 2025-08-20 | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a… |
| CVE-2011-10018 | Critical | 9.8 | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP co… |
| CVE-2024-45697 | Critical | 9.8 | 2024-09-16 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote… |
| CVE-2024-20439 | Critical | 9.8 | 2024-09-04 | A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static admini… |
| CVE-2024-5514 | Critical | 9.8 | 2024-05-30 | MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management… |
| CVE-2024-28011 | Critical | 9.8 | 2024-03-28 | Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS)… |
| CVE-2023-24108 | Critical | 9.8 | 2023-02-22 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerab… |
| CVE-2022-47767 | Critical | 9.8 | 2023-01-26 | A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log dev… |
| CVE-2022-46997 | Critical | 9.8 | 2022-12-14 | Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows… |
| CVE-2022-46996 | Critical | 9.8 | 2022-12-14 | vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability… |
| CVE-2022-3203 | Critical | 9.8 | 2022-10-21 | On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or… |
| CVE-2021-24867 | Critical | 9.8 | 2022-02-21 | Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes… |
| CVE-2021-43987 | Critical | 9.8 | 2021-12-23 | An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cann… |
| CVE-2020-12504 | Critical | 9.8 | 2020-10-15 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES85… |
| CVE-2020-16204 | Critical | 9.8 | 2020-09-01 | The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device… |