CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2025-9815 (GCVE-0-2025-9815)
Vulnerability from cvelistv5 – Published: 2025-09-02 04:32 – Updated: 2025-09-02 13:51

| URL | Tags |
|---|---|
| https://vuldb.com/?id.322142 | vdb-entry |
| https://vuldb.com/?ctiid.322142 | signature, permissions-required |
| https://vuldb.com/?submit.641358 | third-party-advisory |
| https://github.com/SwayZGl1tZyyy/n-days/blob/main… | related |
| https://github.com/SwayZGl1tZyyy/n-days/blob/main… | exploit |

| Vendor | Product | Version |
|---|---|---|
| alaneuler | batteryKid | Affected: 2.0; Affected: 2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:51:19.902572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:51:23.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"NSXPCListener"
],
"product": "batteryKid",
"vendor": "alaneuler",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SwayZGl1tZyyy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited."
},
{
"lang": "de",
"value": "In alaneuler batteryKid bis 2.1 auf macOS wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei PrivilegeHelper/PrivilegeHelper.swift der Komponente NSXPCListener. Mit der Manipulation mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T04:32:06.302Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322142 | alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.322142"
},
{
"name": "VDB-322142 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322142"
},
{
"name": "Submit #641358 | alaneuler batteryKid v2.1 Missing Authentication for Critical Function",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.641358"
},
{
"tags": [
"related"
],
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T23:11:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9815",
"datePublished": "2025-09-02T04:32:06.302Z",
"dateReserved": "2025-09-01T21:05:56.893Z",
"dateUpdated": "2025-09-02T13:51:23.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9965 (GCVE-0-2025-9965)
Vulnerability from cvelistv5 – Published: 2025-09-23 11:36 – Updated: 2026-03-31 12:41

- CWE-287 - Improper Authentication

| Vendor | Product | Version |
|---|---|---|
| Novakon | P series (P07, P10, P12, P15) | Affected: P – V2001.A.c518o2, ≤ P-V2005 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T19:22:21.494485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:22:30.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:14:25.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/70"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "P series (P07, P10, P12, P15)",
"vendor": "Novakon",
"versions": [
{
"lessThanOrEqual": "P-V2005",
"status": "affected",
"version": "P \u2013 V2001.A.c518o2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S. Dietz (CyberDanube)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.\u003cp\u003eThis issue affects P series: P \u2013 V2001.A.C518o2 until\u0026nbsp;P-2.0.05 Build\n 2026.02.06 (commit d0f97fd9).\u003c/p\u003e"
}
],
"value": "Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P \u2013 V2001.A.C518o2 until\u00a0P-2.0.05 Build\n 2026.02.06 (commit d0f97fd9)."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T12:41:19.628Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.novakon.com.tw/en/news/detail/Security_Advisory__Firmware_Update_Available_for_NOVAKON_P_Series_HMI_Products"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/NOVAKON_P-Series-HMI_Security-Advisory_CVE-2025-9962-9966_Rev2_0.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Service Weak Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2025-9965",
"datePublished": "2025-09-23T11:36:35.285Z",
"dateReserved": "2025-09-03T20:34:19.829Z",
"dateUpdated": "2026-03-31T12:41:19.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0405 (GCVE-0-2026-0405)
Vulnerability from cvelistv5 – Published: 2026-01-13 16:00 – Updated: 2026-02-26 15:04

- CWE-287 - Improper Authentication

| Vendor | Product | Version |
|---|---|---|
| NETGEAR | RBE970 | Affected: 0, < v9.13.2.1 (custom) |
| NETGEAR | RBE971 | Affected: 0, < v9.13.2.1 (custom) |
| NETGEAR | CBR750 | Affected: 0, < V4.6.14.8 (custom) |
| NETGEAR | NBR750 | Affected: 0, < V4.6.15.14 (custom) |
| NETGEAR | RBE770 | Affected: 0, < v10.5.20.7 (custom) |
| NETGEAR | RBE771 | Affected: 0, < v10.5.20.7 (custom) |
| NETGEAR | RBE772 | Affected: 0, < v10.5.20.7 (custom) |
| NETGEAR | RBE773 | Affected: 0, < v10.5.20.7 (custom) |
| NETGEAR | RBR750 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBS750 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBR840 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBS840 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBR850 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBS850 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBR860 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBS860 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBRE950 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBSE950 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBRE960 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBSE960 | Affected: 0, < v7.2.8.2 (custom) |
| NETGEAR | RBE370 | Affected: 0, < v12.1.3.11 (custom) |
| NETGEAR | RBE371 | Affected: 0, < v12.1.3.11 (custom) |
| NETGEAR | RBE372 | Affected: 0, < v12.1.3.11 (custom) |
| NETGEAR | RBE373 | Affected: 0, < v12.1.3.11 (custom) |
| NETGEAR | RBE374 | Affected: 0, < v12.1.3.11 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:26.552144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:44.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE970",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v9.13.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE971",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v9.13.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.6.14.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.6.15.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE770",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v10.5.20.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE771",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v10.5.20.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE772",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v10.5.20.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE773",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v10.5.20.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v7.2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE370",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v12.1.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE371",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v12.1.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE372",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v12.1.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE373",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v12.1.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBE374",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v12.1.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe970:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v9.13.2.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe971:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v9.13.2.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:cbr750:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v4.6.14.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:nbr750:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v4.6.15.14",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe770:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v10.5.20.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe771:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v10.5.20.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe772:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v10.5.20.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe773:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v10.5.20.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr860:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs860:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbre950:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbse950:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbre960:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbse960:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v7.2.8.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe370:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v12.1.3.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe371:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v12.1.3.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe372:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v12.1.3.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe373:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v12.1.3.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe374:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v12.1.3.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fulaige"
}
],
"datePublic": "2026-01-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn authentication bypass vulnerability in NETGEAR Orbi devices allows \nusers connected to the local network to access the router web interface \nas an admin.\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability in NETGEAR Orbi devices allows \nusers connected to the local network to access the router web interface \nas an admin."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T16:21:13.069Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe971"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe970"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/cbr750"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/nbr750"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe770"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe771"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe772"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe773"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbr750"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbs750"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbr840"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbs840"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbr850"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbs850"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbr860"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbs860"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbre950"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbse950"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbre960"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbse960"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe370"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe371"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe372"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe373"
},
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/rbe374"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.\u003c/p\u003e\u003cp\u003eFixed in:\u003c/p\u003e\u003cp\u003e\u003cspan\u003eCBR750 f\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/cbr750\"\u003eirmware V4.6.14.8 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eNBR750 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/nbr750\"\u003efirmware V4.6.15.14 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE370 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe370\"\u003efirmware v12.1.3.11 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE371 \u003c/span\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe371\"\u003efirmware v12.1.3.11 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE372 \u003c/span\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe372\"\u003efirmware v12.1.3.11 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE373 \u003c/span\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe373\"\u003efirmware v12.1.3.11 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE374 \u003c/span\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe374\"\u003efirmware v12.1.3.11 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE770 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe770\"\u003efirmware v10.5.20.7 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE771 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe771\"\u003efirmware v10.5.20.7 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE772 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.netgear.com/support/product/rbe772\"\u003efirmware v10.5.20.7 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE773 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe773\"\u003efirmware v10.5.20.7 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE970\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe970\"\u003efirmware v9.13.2.1 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBE971 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbe971\"\u003efirmware v9.13.2.1 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBR750 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr750\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBR840 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr840\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBR850 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr850\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBR860 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr860\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBS750 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbs750\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBS840 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbs840\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBS850 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.netgear.com/support/product/rbs850\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBS860 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbs860\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBRE950 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbre950\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBRE960 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbre960\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBSE950 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbse950\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eRBSE960 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbse960\"\u003efirmware v7.2.8.2 or later\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.\n\nFixed in:\n\nCBR750 f irmware V4.6.14.8 or later https://www.netgear.com/support/product/cbr750 \nNBR750 firmware V4.6.15.14 or later https://www.netgear.com/support/product/nbr750 \nRBE370 firmware v12.1.3.11 or later https://www.netgear.com/support/product/rbe370 \nRBE371 firmware v12.1.3.11 or later https://www.netgear.com/support/product/rbe371 \nRBE372 firmware v12.1.3.11 or later https://www.netgear.com/support/product/rbe372 \nRBE373 firmware v12.1.3.11 or later https://www.netgear.com/support/product/rbe373 \nRBE374 firmware v12.1.3.11 or later https://www.netgear.com/support/product/rbe374 \nRBE770 firmware v10.5.20.7 or later https://www.netgear.com/support/product/rbe770 \nRBE771 firmware v10.5.20.7 or later https://www.netgear.com/support/product/rbe771 \nRBE772 firmware v10.5.20.7 or later https://www.netgear.com/support/product/rbe772 \nRBE773 firmware v10.5.20.7 or later https://www.netgear.com/support/product/rbe773 \nRBE970\u00a0 firmware v9.13.2.1 or later https://www.netgear.com/support/product/rbe970 \nRBE971 firmware v9.13.2.1 or later https://www.netgear.com/support/product/rbe971 \nRBR750 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbr750 \nRBR840 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbr840 \nRBR850 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbr850 \nRBR860 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbr860 \nRBS750 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbs750 \nRBS840 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbs840 \nRBS850 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbs850 \nRBS860 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbs860 \nRBRE950 firmware v7.2.8.2 or later 
https://www.netgear.com/support/product/rbre950 \nRBRE960 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbre960 \nRBSE950 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbse950 \nRBSE960 firmware v7.2.8.2 or later https://www.netgear.com/support/product/rbse960"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in NETGEAR Orbi Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0405",
"datePublished": "2026-01-13T16:00:48.296Z",
"dateReserved": "2025-12-03T04:16:11.511Z",
"dateUpdated": "2026-02-26T15:04:44.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0407 (GCVE-0-2026-0407)
Vulnerability from cvelistv5 – Published: 2026-01-13 16:01 – Updated: 2026-02-26 15:04
- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/ex5000 | product, patch |
| https://www.netgear.com/support/product/ex3110 | product, patch |
| https://www.netgear.com/support/product/ex6110 | product, patch |
| https://www.netgear.com/support/product/ex2800 | product, patch |
| https://kb.netgear.com/000070442/January-2026-NET… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:24.558128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:44.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EX5000",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX3110",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX6110",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX2800",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex5000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3110:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6110:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex2800:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mad_Max"
}
],
"datePublic": "2026-01-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn insufficient authentication vulnerability in NETGEAR WiFi range \nextenders allows a network adjacent attacker with WiFi authentication\u0026nbsp;or\n a physical\u0026nbsp;Ethernet port connection to bypass the authentication \nprocess and access the admin panel.\u003c/p\u003e"
}
],
"value": "An insufficient authentication vulnerability in NETGEAR WiFi range \nextenders allows a network adjacent attacker with WiFi authentication\u00a0or\n a physical\u00a0Ethernet port connection to bypass the authentication \nprocess and access the admin panel."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T16:21:52.087Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex5000"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex3110"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex6110"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex2800"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eManually check the firmware version and update it to the latest.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eFixed in:\u003c/p\u003e\n\n\u003cp\u003e\u003cspan\u003eEX2800\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex2800\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX3110\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex3110\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX5000 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex5000\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX6110\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex6110\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Manually check the firmware version and update it to the latest.\n\n\n\n\n\nFixed in:\n\n\n\nEX2800\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex2800 \nEX3110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex3110 \nEX5000 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex5000 \nEX6110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex6110"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0407",
"datePublished": "2026-01-13T16:01:04.157Z",
"dateReserved": "2025-12-03T04:16:13.882Z",
"dateUpdated": "2026-02-26T15:04:44.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0408 (GCVE-0-2026-0408)
Vulnerability from cvelistv5 – Published: 2026-01-13 16:01 – Updated: 2026-02-26 15:04
- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/ex5000 | product, patch |
| https://www.netgear.com/support/product/ex3110 | product, patch |
| https://www.netgear.com/support/product/ex6110 | product, patch |
| https://www.netgear.com/support/product/ex2800 | product, patch |
| https://kb.netgear.com/000070442/January-2026-NET… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:23.537468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:43.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EX5000",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX3110",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX6110",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EX2800",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "v1.0.1.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex5000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex3110:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex6110:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:ex2800:*:*:*:*:*:*:*:*",
"versionEndExcluding": "v1.0.1.82",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "chiphazard"
}
],
"datePublic": "2026-01-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router\u0027s IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router\u0027s IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T16:22:13.288Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex5000"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex3110"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex6110"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/ex2800"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eManually check the firmware version and update it to the latest.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eFixed in:\u003c/p\u003e\u003cp\u003e\u003cspan\u003eEX2800\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex2800\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX3110\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex3110\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX5000 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex5000\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003cbr\u003e\u003cspan\u003eEX6110\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex6110\"\u003efirmware V1.0.1.82 or later\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Manually check the firmware version and update it to the latest.\n\n\n\n\n\nFixed in:\n\nEX2800\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex2800 \nEX3110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex3110 \nEX5000 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex5000 \nEX6110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex6110"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in Netgear WiFi Range Extenders",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0408",
"datePublished": "2026-01-13T16:01:11.201Z",
"dateReserved": "2025-12-03T04:16:14.964Z",
"dateUpdated": "2026-02-26T15:04:43.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0558 (GCVE-0-2026-0558)
Vulnerability from cvelistv5 – Published: 2026-03-29 17:53 – Updated: 2026-03-30 15:23
- CWE-287 - Improper Authentication

| Vendor | Product | Version |
|---|---|---|
| parisneo | parisneo/lollms | Affected: unspecified , < 2.2.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T15:23:04.443086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:23:41.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms",
"vendor": "parisneo",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the `Depends(get_current_active_user)` dependency. This issue can lead to denial of service (DoS) through resource exhaustion, information disclosure, and violation of the application\u0027s documented security policies."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-29T17:53:08.003Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/0a722001-89ce-4c91-b6a6-a55ee5ba2113"
},
{
"url": "https://github.com/parisneo/lollms/commit/a6625dc83786ff21d109b0d545ca61b770607ef3"
}
],
"source": {
"advisory": "0a722001-89ce-4c91-b6a6-a55ee5ba2113",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated File Upload in parisneo/lollms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-0558",
"datePublished": "2026-03-29T17:53:08.003Z",
"dateReserved": "2026-01-01T21:43:51.283Z",
"dateUpdated": "2026-03-30T15:23:41.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0589 (GCVE-0-2026-0589)
Vulnerability from cvelistv5 – Published: 2026-01-05 12:02 – Updated: 2026-02-23 08:18
X_Freeware
- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://vuldb.com/?id.339499 | vdb-entry |
| https://vuldb.com/?ctiid.339499 | signature, permissions-required |
| https://vuldb.com/?submit.731127 | third-party-advisory |
| https://github.com/foeCat/CVE/blob/main/OnlinePro… | related |
| https://github.com/foeCat/CVE/blob/main/OnlinePro… | exploit |
| https://code-projects.org/ | product |

| Vendor | Product | Version |
|---|---|---|
| code-projects | Online Product Reservation System | Affected: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0589",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T21:14:42.683303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:14:52.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Administration Backend"
],
"product": "Online Product Reservation System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ho Cherry (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:18:46.151Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339499 | code-projects Online Product Reservation System Administration Backend improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.339499"
},
{
"name": "VDB-339499 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339499"
},
{
"name": "Submit #731127 | code-projects Online Product Reservation System V1.0 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.731127"
},
{
"tags": [
"related"
],
"url": "https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md#poc"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-01-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-06T11:05:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Online Product Reservation System Administration Backend improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-0589",
"datePublished": "2026-01-05T12:02:06.235Z",
"dateReserved": "2026-01-04T18:06:27.713Z",
"dateUpdated": "2026-02-23T08:18:46.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0629 (GCVE-0-2026-0629)
Vulnerability from cvelistv5 – Published: 2026-01-16 17:24 – Updated: 2026-02-26 14:44
- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.vigi.com/us/support/download/ | patch |
| https://www.vigi.com/en/support/download/ | patch |
| https://www.vigi.com/in/support/download/ | patch |
| https://www.tp-link.com/us/support/faq/4906/ | vendor-advisory |

| Vendor | Product | Version |
|---|---|---|
| TP-Link Systems Inc. | VIGI InSight Sx45 Series (S245/S345/S445) | Affected: 0 , < 3.1.0_Build_250820_Rel.57668n (custom) |
| TP-Link Systems Inc. | VIGI Cx45 Series (C345/C445) | Affected: 0 , < 3.1.0_Build_250820_Rel.57668n (custom) |
| TP-Link Systems Inc. | VIGI InSight Sx55 Series (S355/S455) | Affected: 0 , < 3.1.0_Build_250820_Rel.58873n (custom) |
| TP-Link Systems Inc. | VIGI Cx55 Series (C355/C455) | Affected: 0 , < 3.1.0_Build_250820_Rel.58873n (custom) |
| TP-Link Systems Inc. | VIGI InSight Sx85 Series (S285/S385) | Affected: 0 , < 3.0.2_Build_250630_Rel.71279n (custom) |
| TP-Link Systems Inc. | VIGI Cx85 Series (C385/C485) | Affected: 0 , < 3.0.2_Build_250630_Rel.71279n (custom) |
| TP-Link Systems Inc. | VIGI InSight S655I | Affected: 0 , < 1.1.1_Build_250625_Rel.64224n (custom) |
| TP-Link Systems Inc. | VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI) | Affected: 0 , < 1.2.0_Build_250820_Rel.60930n (custom) |
| TP-Link Systems Inc. | VIGI InSight Sx85PI Series (S385PI/S485PI) | Affected: 0 , < 1.2.0_Build_250827_Rel.66817n (custom) |
| TP-Link Systems Inc. | VIGI C340S | Affected: 0 , < 3.1.0_Build_250625_Rel.65381n (custom) |
| TP-Link Systems Inc. | VIGI C540S / EasyCam C540S | Affected: 0 , < 3.1.0_Build_250625_Rel.66601n (custom) |
| TP-Link Systems Inc. | VIGI C540V | Affected: 0 , < 2.1.0_Build_250702_Rel.54300n (custom) |
| TP-Link Systems Inc. | VIGI C250 | Affected: 0 , < 2.1.0_Build_250702_Rel.54301n (custom) |
| TP-Link Systems Inc. | VIGI Cx50 Series (C350/C450) | Affected: 0 , < 2.1.0_Build_250702_Rel.54294n (custom) |
| TP-Link Systems Inc. | VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0) | Affected: 0 , < 2.1.0_Build_251014_Rel.58331n (custom) |
| TP-Link Systems Inc. | VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20) | Affected: 0 , < 2.1.0_Build_250701_Rel.44071n (custom) |
| TP-Link Systems Inc. | VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0) | Affected: 0 , < 2.1.0_Build_250701_Rel.45506n (custom) |
| TP-Link Systems Inc. | VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20) | Affected: 0 , < 2.1.0_Build_250701_Rel.44555n (custom) |
| TP-Link Systems Inc. | VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0) | Affected: 0 , < 2.1.0_Build_250701_Rel.46003n (custom) |
| TP-Link Systems Inc. | VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20) | Affected: 0 , < 2.1.0_Build_250701_Rel.45041n (custom) |
| TP-Link Systems Inc. | VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0) | Affected: 0 , < 2.1.0_Build_250701_Rel.46796n (custom) |
| TP-Link Systems Inc. | VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20) | Affected: 0 , < 2.1.0_Build_250701_Rel.46796n (custom) |
| TP-Link Systems Inc. | VIGI C230I Mini | Affected: 0 , < 2.1.0_Build_250701_Rel.47570n (custom) |
| TP-Link Systems Inc. | VIGI C240 1.0 | Affected: 0 , < 2.1.0_Build_250701_Rel.48425n (custom) |
| TP-Link Systems Inc. | VIGI C340 2.0 | Affected: 0 , < 2.1.0_Build_250701_Rel.49304n (custom) |
| TP-Link Systems Inc. | VIGI C440 2.0 | Affected: 0 , < 2.1.0_Build_250701_Rel.49778n (custom) |
| TP-Link Systems Inc. | VIGI C540 2.0 | Affected: 0 , < 2.1.0_Build_250701_Rel.50397n (custom) |
| TP-Link Systems Inc. | VIGI C540-4G | Affected: 0 , < 2.2.0_Build_250826_Rel.56808n (custom) |
| TP-Link Systems Inc. | VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20) | Affected: 0 , < 2.1.1_Build_250717_Rel.66528n (custom) |
| TP-Link Systems Inc. | VIGI C440-W 2.0 | Affected: 0 , < 2.1.1_Build_250717_Rel.66632n (custom) |
| TP-Link Systems Inc. | VIGI C540-W 2.0 | Affected: 0 , < 2.1.1_Build_250717_Rel.67730n (custom) |
| TP-Link Systems Inc. | VIGI InSight S345-4G | Affected: 0 , < 2.1.0_Build_250725_Rel.36867n (custom) |
| TP-Link Systems Inc. | VIGI InSight Sx25 Series (S225/S325/S425) | Affected: 0 , < 1.1.0_Build_250630_Rel.39597n (custom) |
| TP-Link Systems Inc. | VIGI Cx20 Series (C320/C420) | Affected: 0 , < 2.1.0_Build_250701_Rel.39597n (custom) |

{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-17T04:55:24.535713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:46.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx45 Series (S245/S345/S445)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250820_Rel.57668n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx45 Series (C345/C445)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250820_Rel.57668n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx55 Series (S355/S455)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250820_Rel.58873n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx55 Series (C355/C455)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250820_Rel.58873n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx85 Series (S285/S385)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.0.2_Build_250630_Rel.71279n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx85 Series (C385/C485)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.0.2_Build_250630_Rel.71279n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight S655I",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.1_Build_250625_Rel.64224n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx45ZI Series (S245ZI/S345ZI/S445ZI)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.0_Build_250820_Rel.60930n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx85PI Series (S385PI/S485PI)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.2.0_Build_250827_Rel.66817n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C340S",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250625_Rel.65381n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C540S / EasyCam C540S",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.0_Build_250625_Rel.66601n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C540V",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250702_Rel.54300n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C250",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250702_Rel.54301n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx50 Series (C350/C450)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250702_Rel.54294n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx20I 1.0 Series (C220I 1.0/C320I 1.0/C420I 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_251014_Rel.58331n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx20I 1.20 Series (C220I 1.20/C320I 1.20/C420I 1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.44071n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx30I 1.0 Series (C230I 1.0/C330I 1.0/C430I 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.45506n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx30I 1.20 Series (C230I 1.20/C330I 1.20/C430I 1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.44555n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx40I 1.0 Series (C240I 1.0/C340I 1.0/C440I 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.46003n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx40I 1.20 Series (C240I 1.20/C340I 1.20/C440I 1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.45041n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx30 1.0 Series (C230 1.0/C330 1.0/C430 1.0)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.46796n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx30 1.20 Series (C230 1.20/C330 1.20/C430 1.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.46796n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C230I Mini",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.47570n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C240 1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.48425n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C340 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.49304n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C440 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.49778n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C540 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.50397n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C540-4G",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.2.0_Build_250826_Rel.56808n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C340-W 2.x Series (C340-W 2.0/C340-W 2.20)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.1_Build_250717_Rel.66528n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C440-W 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.1_Build_250717_Rel.66632n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI C540-W 2.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.1_Build_250717_Rel.67730n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight S345-4G",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250725_Rel.36867n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI InSight Sx25 Series (S225/S325/S425)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.1.0_Build_250630_Rel.39597n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Web app"
],
"product": "VIGI Cx20 Series (C320/C420)",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "2.1.0_Build_250701_Rel.39597n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to the device, compromising configuration and network security."
}
],
"impacts": [
{
"capecId": "CAPEC-207",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-207 Removing Important Client Functionality"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T17:53:30.225Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.vigi.com/us/support/download/"
},
{
"tags": [
"patch"
],
"url": "https://www.vigi.com/en/support/download/"
},
{
"tags": [
"patch"
],
"url": "https://www.vigi.com/in/support/download/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4906/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-0629",
"datePublished": "2026-01-16T17:24:39.370Z",
"dateReserved": "2026-01-06T00:07:04.905Z",
"dateUpdated": "2026-02-26T14:44:46.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0633 (GCVE-0-2026-0633)
Vulnerability from cvelistv5 – Published: 2026-01-24 08:26 – Updated: 2026-04-08 17:26
- CWE-287 - Improper Authentication
| Vendor | Product | Version |
|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Affected: 0, ≤ 4.1.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T17:47:49.095336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T17:47:55.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:32.469Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d72cc420-1ff5-403b-b4ea-7c820fdebcf3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438419/metform"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-06T01:36:21.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-23T19:35:07.000Z",
"value": "Disclosed"
}
],
"title": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor \u003c= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0633",
"datePublished": "2026-01-24T08:26:35.777Z",
"dateReserved": "2026-01-06T01:17:56.319Z",
"dateUpdated": "2026-04-08T17:26:32.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0842 (GCVE-0-2026-0842)
Vulnerability from cvelistv5 – Published: 2026-01-11 08:02 – Updated: 2026-02-23 08:30

| URL | Tags |
|---|---|
| https://vuldb.com/?id.340442 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.340442 | signature, permissions-required |
| https://vuldb.com/?submit.729134 | third-party-advisory |
| https://github.com/davidrxchester/smart-sketcher-… | exploit |
| Vendor | Product | Version |
|---|---|---|
| Flycatcher Toys | smART Sketcher | Affected: 2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:30:00.435842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:50:26.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Bluetooth Low Energy Interface"
],
"product": "smART Sketcher",
"vendor": "Flycatcher Toys",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "davidrochester (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:30:28.781Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-340442 | Flycatcher Toys smART Sketcher Bluetooth Low Energy missing authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.340442"
},
{
"name": "VDB-340442 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.340442"
},
{
"name": "Submit #729134 | Flycatcher Toys smART Sketcher 2.0 0/1/2 Missing Authentication for Critical Function",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.729134"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/davidrxchester/smart-sketcher-upload/blob/main/smartsketch-upload.py"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-10T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-12T15:47:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Flycatcher Toys smART Sketcher Bluetooth Low Energy missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-0842",
"datePublished": "2026-01-11T08:02:06.221Z",
"dateReserved": "2026-01-10T09:52:57.730Z",
"dateUpdated": "2026-02-23T08:30:28.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to an application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unauthorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability to execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.