CVEs classified under CWE-912, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-3587 — CVSS 10.0 (critical): An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full…
CVE-2024-39754 — CVSS 10.0 (critical): A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network…
CVE-2026-33280 — CVSS 9.8 (critical): Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging…
CVE-2010-20103 — CVSS 9.8 (critical): A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The…
CVE-2024-45697 — CVSS 9.8 (critical): Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in…
CVE-2024-28011 — CVSS 9.8 (critical): Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP…
CVE-2023-24108 — CVSS 9.8 (critical): MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package…
CVE-2022-47767 — CVSS 9.8 (critical): A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This…
CVE-2022-46997 — CVSS 9.8 (critical): Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This…
CVE-2022-46996 — CVSS 9.8 (critical): vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request…
CVE-2022-3203 — CVSS 9.8 (critical): On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to…
CVE-2021-24867 — CVSS 9.8 (critical): Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised…
CVE-2021-43987 — CVSS 9.8 (critical): An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web…
CVE-2020-16204 — CVSS 9.8 (critical): The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as…
CVE-2025-11544: Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run…
CVE-2020-14487 — CVSS 9.4 (critical): OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this…
CVE-2026-30704 — CVSS 9.1 (critical): The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB
CVE-2024-3016 — CVSS 9.1 (critical): NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system…
CVE-2022-3843 — CVSS 9.1 (critical): In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an…
CVE-2024-10773 — CVSS 9.0 (critical): The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an…
CVE-2026-31847 — CVSS 8.8 (high): Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote…
CVE-2024-47001 — CVSS 8.8 (high): Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated…
CVE-2024-45696 — CVSS 8.8 (high): Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can…
CVE-2023-40158 — CVSS 8.8 (high): Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the…
CVE-2023-25183 — CVSS 8.3 (high): In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to…
CVE-2025-48416 — CVSS 8.1 (high): An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user…
CVE-2020-28593 — CVSS 8.1 (high): A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially…
CVE-2025-1204: The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing…
CVE-2025-0675 — CVSS 7.5 (high): Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
CVE-2025-0626 — CVSS 7.5 (high): The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing…
CVE-2024-5633: Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the…
CVE-2024-22044 — CVSS 7.5 (high): A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose…
CVE-2026-7413 — CVSS 7.2 (high): A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to…
CVE-2025-58778 — CVSS 7.2 (high): Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and…
CVE-2025-11673 — CVSS 7.2 (high): SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden…
CVE-2022-38452 — CVSS 7.2 (high): A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A…
CVE-2022-36429 — CVSS 7.2 (high): A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A…
CVE-2025-26412 — CVSS 6.8 (medium): The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on…
CVE-2023-42134 — CVSS 6.8 (medium): PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and…
CVE-2022-1741 — CVSS 6.8 (medium): The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to…
CVE-2025-48418 — CVSS 6.7 (medium): A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0…
CVE-2026-1741 — CVSS 6.6 (medium): A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi…
CVE-2025-2894 — CVSS 6.6 (medium): The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented…
CVE-2024-37990 — CVSS 6.5 (medium): A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI…
CVE-2023-22316 — CVSS 6.5 (medium): Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker…
CVE-2025-9382 — CVSS 6.4 (medium): A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file…
CVE-2025-8938 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of…