Common Weakness Enumeration

CWE-1242

Allowed

Inclusion of Undocumented Features or Chicken Bits

Abstraction: Base · Status: Incomplete

The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.

27 vulnerabilities reference this CWE, most recent first.

CVE-2024-2103 (GCVE-0-2024-2103)

Vulnerability from cvelistv5 – Published: 2024-04-04 15:18 – Updated: 2024-08-01 19:03
VLAI
Title
Inclusion of Undocumented Features
Summary
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay . See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1242 - Inclusion of Undocumented Features
Assigner
SEL
Date Public
2024-04-04 15:00
Credits
Anonymous Researcher
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2103",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-04T17:11:57.943227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:59.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:39.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://selinc.com/support/security-notifications/external-reports/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SEL-700BT Motor Bus Transfer Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R301-V6",
              "status": "affected",
              "version": "R301-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " SEL-700G Generator Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R301-V6",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-710-5 Motor Protection Relay",
          "vendor": "SEL-710-5 Motor Protection Relay",
          "versions": [
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-751 Feeder Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V3",
              "status": "affected",
              "version": "R101-V0",
              "versionType": "custom"
            },
            {
              "lessThan": "R400-V2",
              "status": "affected",
              "version": "R400-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-787-2/-3/-4 Transformer Protection Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V1",
              "status": "affected",
              "version": "R100-V0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SEL-787Z High-Impedance Differential Relay",
          "vendor": "Schweitzer Engineering Laboratories",
          "versions": [
            {
              "lessThan": "R302-V3",
              "status": "affected",
              "version": "R302-V0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anonymous Researcher"
        }
      ],
      "datePublic": "2024-04-04T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\u003cbr\u003eSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\u003cbr\u003e\u003cbr\u003e. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1242",
              "description": "CWE-1242: Inclusion of Undocumented Features",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-04T15:57:14.010Z",
        "orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
        "shortName": "SEL"
      },
      "references": [
        {
          "url": "https://selinc.com/support/security-notifications/external-reports/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Inclusion of Undocumented Features",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
    "assignerShortName": "SEL",
    "cveId": "CVE-2024-2103",
    "datePublished": "2024-04-04T15:18:01.645Z",
    "dateReserved": "2024-03-01T16:25:22.105Z",
    "dateUpdated": "2024-08-01T19:03:39.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3634 (GCVE-0-2023-3634)

Vulnerability from cvelistv5 – Published: 2026-04-16 04:40 – Updated: 2026-04-16 13:51
VLAI
Title
Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
Summary
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
Date Public
2026-03-06 08:15
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:51:13.277265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:51:55.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-E2M-5000-FB13-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-E2M-5000-FB36-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-E2M-5000-FB37-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-E2M-5000-FB43-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MSE6-E2M-5000-FB44-AGD",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-c2m-5000-fb44-d-rg-bar-ami-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-d2m-5000-cbus-s-rg-bar-vcb-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-e2m-5000-fb13-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-e2m-5000-fb36-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-e2m-5000-fb37-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-e2m-5000-fb43-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:festo:mse6-e2m-5000-fb44-agd_firmware:*:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2026-03-06T08:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability."
            }
          ],
          "value": "In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1242",
              "description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T04:40:29.960Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2023-020/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json"
        }
      ],
      "source": {
        "advisory": "VDE-2023-020",
        "defect": [
          "CERT@VDE#64559"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-3634",
    "datePublished": "2026-04-16T04:40:29.960Z",
    "dateReserved": "2023-07-12T12:07:06.056Z",
    "dateUpdated": "2026-04-16T13:51:55.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-4469 (GCVE-0-2021-4469)

Vulnerability from cvelistv5 – Published: 2025-11-14 22:53 – Updated: 2026-04-07 14:05 Unsupported When Assigned
VLAI
Title
Denver SHO-110 IP Camera Unauthenticated Snapshot Access
Summary
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
  • CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
Impacted products
Vendor Product Version
Denver SHO-110 Affected: 0
    cpe:2.3:h:denver:i:sho-110:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2021-07-29 00:00
Credits
Ivan Nikolsky (enty8080)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-4469",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T14:38:14.369155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T14:38:39.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:h:denver:i:sho-110:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "SHO-110",
          "vendor": "Denver",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ivan Nikolsky (enty8080)"
        }
      ],
      "datePublic": "2021-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a \u0027/snapshot\u0027 endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the \u0027snapshot\u0027 endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment."
            }
          ],
          "value": "Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a \u0027/snapshot\u0027 endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the \u0027snapshot\u0027 endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-36",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1242",
              "description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:05:27.862Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/50162"
        },
        {
          "tags": [
            "product"
          ],
          "url": "http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2021-07-29T16:00:00.000Z",
          "value": "ExploitDB-50162 is publicly disclosed."
        }
      ],
      "title": "Denver SHO-110 IP Camera Unauthenticated Snapshot Access",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-4469",
    "datePublished": "2025-11-14T22:53:04.754Z",
    "dateReserved": "2025-11-14T20:33:38.739Z",
    "dateUpdated": "2026-04-07T14:05:27.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2017-20204 (GCVE-0-2017-20204)

Vulnerability from cvelistv5 – Published: 2025-10-15 01:20 – Updated: 2025-10-15 19:56
VLAI
Title
DBLTek GoIP Telnet Admin Interface Undocumented Backdoor
Summary
DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
Impacted products
Credits
SpiderLabs/Trustwave/LevelBlue
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-20204",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T19:53:59.880259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T19:56:35.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GoIP",
          "vendor": "DBL Technology (DBLTek)",
          "versions": [
            {
              "status": "affected",
              "version": "*"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "SpiderLabs/Trustwave/LevelBlue"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge\u2013response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate."
            }
          ],
          "value": "DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge\u2013response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-443",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-443 Malicious Logic Inserted Into Product by Authorized Developer"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1242",
              "description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T01:20:42.502Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "http://www.dbltek.com/"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undocumented-backdoor-account-in-dbltek-goip/"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/JacobMisirian/DblTekGoIPPwn"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/dbltek-goip-telnet-admin-interface-undocumented-backdoor"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DBLTek GoIP Telnet Admin Interface Undocumented Backdoor",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2017-20204",
    "datePublished": "2025-10-15T01:20:42.502Z",
    "dateReserved": "2025-10-14T15:02:13.120Z",
    "dateUpdated": "2025-10-15T19:56:35.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-3V8Q-RHW6-PVM8

Vulnerability from github – Published: 2026-03-09 09:30 – Updated: 2026-03-09 09:30
VLAI
Details

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-09T09:15:59Z",
    "severity": "HIGH"
  },
  "details": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.",
  "id": "GHSA-3v8q-rhw6-pvm8",
  "modified": "2026-03-09T09:30:30Z",
  "published": "2026-03-09T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41756"
    },
    {
      "type": "WEB",
      "url": "https://www.mbs-solutions.de/mbs-2025-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X5W-W3CM-M967

Vulnerability from github – Published: 2024-12-05 12:31 – Updated: 2024-12-05 12:31
VLAI
Details

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T10:31:40Z",
    "severity": "HIGH"
  },
  "details": "Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.",
  "id": "GHSA-4x5w-w3cm-m967",
  "modified": "2024-12-05T12:31:28Z",
  "published": "2024-12-05T12:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52564"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN46615026"
    },
    {
      "type": "WEB",
      "url": "https://www.iodata.jp/support/information/2024/11_ud-lt1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5G7C-29RX-62P8

Vulnerability from github – Published: 2025-10-15 03:30 – Updated: 2025-10-15 03:30
VLAI
Details

DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-20204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T02:15:31Z",
    "severity": "CRITICAL"
  },
  "details": "DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge\u2013response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate.",
  "id": "GHSA-5g7c-29rx-62p8",
  "modified": "2025-10-15T03:30:40Z",
  "published": "2025-10-15T03:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20204"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JacobMisirian/DblTekGoIPPwn"
    },
    {
      "type": "WEB",
      "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undocumented-backdoor-account-in-dbltek-goip"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/dbltek-goip-telnet-admin-interface-undocumented-backdoor"
    },
    {
      "type": "WEB",
      "url": "http://www.dbltek.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6GRV-W576-CRGF

Vulnerability from github – Published: 2025-01-22 06:30 – Updated: 2025-01-22 06:30
VLAI
Details

Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T06:15:14Z",
    "severity": "HIGH"
  },
  "details": "Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.",
  "id": "GHSA-6grv-w576-crgf",
  "modified": "2025-01-22T06:30:47Z",
  "published": "2025-01-22T06:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22450"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN15293958"
    },
    {
      "type": "WEB",
      "url": "https://www.iodata.jp/support/information/2025/01_ud-lt2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2VH-2VCM-GQJQ

Vulnerability from github – Published: 2024-09-27 03:30 – Updated: 2025-12-08 09:30
VLAI
Details

Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T03:15:02Z",
    "severity": "MODERATE"
  },
  "details": "Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.",
  "id": "GHSA-c2vh-2vcm-gqjq",
  "modified": "2025-12-08T09:30:17Z",
  "published": "2024-09-27T03:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7011"
    },
    {
      "type": "WEB",
      "url": "https://sharp-displays.jp.sharp/global/support/info/Projector_vulnerability_202408.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sharp-nec-displays.com/global/support/info/Projector_vulnerability_202408.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GP63-XP8X-53G4

Vulnerability from github – Published: 2026-04-16 06:31 – Updated: 2026-04-16 06:31
VLAI
Details

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T05:16:12Z",
    "severity": "HIGH"
  },
  "details": "In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.",
  "id": "GHSA-gp63-xp8x-53g4",
  "modified": "2026-04-16T06:31:23Z",
  "published": "2026-04-16T06:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3634"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2023-020"
    },
    {
      "type": "WEB",
      "url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2023/fsa-202304.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.

CAPEC-212: Functionality Misuse

An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.

CAPEC-36: Using Unpublished Interfaces or Functionality

An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.