CWE-1242
AllowedInclusion of Undocumented Features or Chicken Bits
Abstraction: Base · Status: Incomplete
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
27 vulnerabilities reference this CWE, most recent first.
GHSA-J6M3-M3QR-P3PM
Vulnerability from github – Published: 2025-09-09 21:30 – Updated: 2025-09-09 21:30CWE-1242: Inclusion of Undocumented Features
{
"affected": [],
"aliases": [
"CVE-2025-55050"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T19:15:54Z",
"severity": "CRITICAL"
},
"details": "CWE-1242: Inclusion of Undocumented Features",
"id": "GHSA-j6m3-m3qr-p3pm",
"modified": "2025-09-09T21:30:27Z",
"published": "2025-09-09T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55050"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JF99-74QP-89MX
Vulnerability from github – Published: 2026-01-30 06:30 – Updated: 2026-01-30 06:30Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
{
"affected": [],
"aliases": [
"CVE-2026-24714"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-30T05:16:33Z",
"severity": "HIGH"
},
"details": "Some end of service NETGEAR products provide \"TelnetEnable\" functionality, which allows a magic packet to activate telnet service on the box.",
"id": "GHSA-jf99-74qp-89mx",
"modified": "2026-01-30T06:30:15Z",
"published": "2026-01-30T06:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24714"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN46722282"
},
{
"type": "WEB",
"url": "https://www.netgear.com/about/eos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PF3M-QW97-HPVM
Vulnerability from github – Published: 2025-10-01 18:30 – Updated: 2025-10-01 18:30E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
{
"affected": [],
"aliases": [
"CVE-2025-52548"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-02T12:15:37Z",
"severity": "MODERATE"
},
"details": "E3 Site Supervisor Control (firmware version \u003c 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.",
"id": "GHSA-pf3m-qw97-hpvm",
"modified": "2025-10-01T18:30:38Z",
"published": "2025-10-01T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52548"
},
{
"type": "WEB",
"url": "https://www.armis.com/research/frostbyte10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PJ28-H6VH-G59W
Vulnerability from github – Published: 2025-10-24 18:31 – Updated: 2025-11-10 15:31Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
{
"affected": [],
"aliases": [
"CVE-2025-12176"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-24T16:15:36Z",
"severity": "CRITICAL"
},
"details": "Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.",
"id": "GHSA-pj28-h6vh-g59w",
"modified": "2025-11-10T15:31:02Z",
"published": "2025-10-24T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12176"
},
{
"type": "WEB",
"url": "https://azure-access.com/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R596-GGC2-8M6G
Vulnerability from github – Published: 2024-04-04 18:30 – Updated: 2024-04-04 18:30Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay
. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
{
"affected": [],
"aliases": [
"CVE-2024-2103"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T16:15:08Z",
"severity": "MODERATE"
},
"details": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n",
"id": "GHSA-r596-ggc2-8m6g",
"modified": "2024-04-04T18:30:33Z",
"published": "2024-04-04T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2103"
},
{
"type": "WEB",
"url": "https://selinc.com/support/security-notifications/external-reports"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQFP-5PRQ-MXXW
Vulnerability from github – Published: 2026-03-09 09:30 – Updated: 2026-03-09 09:30A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
{
"affected": [],
"aliases": [
"CVE-2025-41754"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-09T09:15:58Z",
"severity": "MODERATE"
},
"details": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.",
"id": "GHSA-vqfp-5prq-mxxw",
"modified": "2026-03-09T09:30:30Z",
"published": "2026-03-09T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41754"
},
{
"type": "WEB",
"url": "https://www.mbs-solutions.de/mbs-2025-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X9HR-JX5X-V454
Vulnerability from github – Published: 2024-12-18 09:31 – Updated: 2024-12-18 09:31Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.
{
"affected": [],
"aliases": [
"CVE-2024-54457"
],
"database_specific": {
"cwe_ids": [
"CWE-1242"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T07:15:08Z",
"severity": "HIGH"
},
"details": "Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.",
"id": "GHSA-x9hr-jx5x-v454",
"modified": "2024-12-18T09:31:35Z",
"published": "2024-12-18T09:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54457"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU91084137"
},
{
"type": "WEB",
"url": "https://www.fxc.jp/news/20241213"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.
CAPEC-212: Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
CAPEC-36: Using Unpublished Interfaces or Functionality
An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.