CVEs classified under CWE-1242, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2025-12176 — CVSS 9.8 (critical): Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects…
CVE-2017-20204: DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that…
CVE-2023-3634 — CVSS 8.8 (high): In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test…
CVE-2025-41756 — CVSS 8.1 (high): A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write…
CVE-2026-24714 — CVSS 7.5 (high): Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the…
CVE-2025-22450 — CVSS 7.5 (high): Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side…
CVE-2024-52564 — CVSS 7.5 (high): Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8…
CVE-2024-54457 — CVSS 7.2 (high): Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware…
CVE-2025-41754 — CVSS 6.5 (medium): A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read…
CVE-2024-2103 — CVSS 6.5 (medium): Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer…
CVE-2025-52548 — CVSS 4.9 (medium): E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and…