CVE-2017-14005

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-620
View all →

Vulnerability Description

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.

Related Vulnerabilities

CVE-2018-8916

HIGH
CVSS:8.8(High)

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

CWE-6202018

CVE-2022-21934

HIGH
CVSS:8.8(High)

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS...

CWE-6202022

CVE-2024-33699

HIGH
CVSS:8.8(High)

The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the curre...

CWE-6202024

CVE-2025-3607

HIGH
CVSS:8.8(High)

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not pr...

CWE-6202025

CVE-2020-7378

CRITICAL
CVSS:9.1(Critical)

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the passw...

CWE-6202020

CVE-2024-28143

HIGH
CVSS:8.4(High)

The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new p...

CWE-6202024