CWE-912 · Hidden Functionality
79 CVEs classified under CWE-912 (Hidden Functionality). Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-3587 | Critical | 10.0 | 2026-03-23 | An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device. |
| CVE-2024-39754 | Critical | 10.0 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to ro… |
| CVE-2026-41446 | Critical | 9.8 | 2026-04-28 | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address… |
| CVE-2026-1952 | Critical | 9.8 | 2026-04-24 | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. |
| CVE-2026-33280 | Critical | 9.8 | 2026-03-27 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, result… |
| CVE-2010-20103 | Critical | 9.8 | 2025-08-20 | A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a… |
| CVE-2011-10018 | Critical | 9.8 | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP co… |
| CVE-2024-45697 | Critical | 9.8 | 2024-09-16 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote… |
| CVE-2024-20439 | Critical | 9.8 | 2024-09-04 | A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static admini… |
| CVE-2024-5514 | Critical | 9.8 | 2024-05-30 | MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management… |
| CVE-2024-28011 | Critical | 9.8 | 2024-03-28 | Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS)… |
| CVE-2023-24108 | Critical | 9.8 | 2023-02-22 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerab… |
| CVE-2022-47767 | Critical | 9.8 | 2023-01-26 | A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log dev… |
| CVE-2022-46997 | Critical | 9.8 | 2022-12-14 | Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows… |
| CVE-2022-46996 | Critical | 9.8 | 2022-12-14 | vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability… |
| CVE-2022-3203 | Critical | 9.8 | 2022-10-21 | On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or… |
| CVE-2021-24867 | Critical | 9.8 | 2022-02-21 | Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes… |
| CVE-2021-43987 | Critical | 9.8 | 2021-12-23 | An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cann… |
| CVE-2020-12504 | Critical | 9.8 | 2020-10-15 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES85… |
| CVE-2020-16204 | Critical | 9.8 | 2020-09-01 | The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device… |