CVEs classified under CWE-656, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-7161 — CVSS 9.3 (critical): An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5…
CVE-2026-42363 — CVSS 9.3 (critical): An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5…
CVE-2024-12297: Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both…
CVE-2020-10284 — CVSS 9.1 (critical): No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets…
CVE-2025-59093: Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived…
CVE-2024-9138 — CVSS 7.2 (high): Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138…
CVE-2020-10277 — CVSS 6.4 (medium): There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such…
CVE-2025-7020: An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model…
CVE-2024-5244 — CVSS 4.2 (medium): TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or…