Search Results (81 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11405 2026-07-16 9.8 Critical
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor
CVE-2026-4769 1 Wago 9 0765-110x/0100-0000, 0765-120x/0100-0000, 0765-150x/0100-0000 and 6 more 2026-07-13 9.8 Critical
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
CVE-2026-7413 1 Yarbo 5 Firmware, Lawn Mower, Lawn Mower Firmware and 2 more 2026-05-14 7.2 High
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
CVE-2026-1952 1 Deltaww 2 As320t, As320t Firmware 2026-05-11 9.8 Critical
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
CVE-2026-31847 1 Nexxtsolutions 3 Nebula300+, Nebula300plus, Nebula300plus Firmware 2026-04-29 8.8 High
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
CVE-2026-41446 1 Snapone 2 Wattbox 800, Wattbox 820 2026-04-29 9.8 Critical
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
CVE-2026-4621 1 Nec 43 Aterm W1200ex(-ms), Aterm W1200ex-ms, Aterm W1200ex-ms Firmware and 40 more 2026-04-20 5.6 Medium
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
CVE-2026-1741 1 Iptime 2 A8004t, A8004t Firmware 2026-04-18 6.6 Medium
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-26412 2026-04-15 6.8 Medium
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
CVE-2025-11673 2026-04-15 7.2 High
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
CVE-2025-0675 2026-04-15 7.5 High
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
CVE-2024-3016 2026-04-15 9.1 Critical
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated user.
CVE-2024-5633 2026-04-15 N/A
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.  An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.
CVE-2024-47001 1 Takenaka Engineering 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more 2026-04-15 8.8 High
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
CVE-2024-5514 1 Minmax 1 Minmax 2026-04-15 9.8 Critical
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
CVE-2025-58778 1 Ruijie 1 Rg-est300 2026-04-15 N/A
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
CVE-2025-55704 1 Brother 1 Multiple Mfps 2026-04-15 5.3 Medium
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.
CVE-2025-55075 1 Iodata 1 Wn-7d36qr 2026-04-15 4.9 Medium
Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.
CVE-2025-0626 2026-04-15 7.5 High
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
CVE-2024-13062 2026-04-15 7.2 High
An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.