CVE-2017-2914

CRITICAL Year: 2017
CVSS v3 Score
9.0
Critical
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.

Related Vulnerabilities

CVE-2020-2018

CRITICAL
CVSS:9.0(Critical)

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewa...

CWE-2872020

CVE-2020-4427

CRITICAL
CVSS:9.0(Critical)

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafte...

CWE-2872020

CVE-2020-7293

CRITICAL
CVSS:9.0(Critical)

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access con...

CWE-2872020

CVE-2021-27610

CRITICAL
CVSS:9.0(Critical)

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and d...

CWE-2872021

CVE-2021-45917

CRITICAL
CVSS:9.0(Critical)

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local re...

CWE-2872021