CVEbaza.plSłownik CWECWE-1242
Common Weakness Enumeration

CWE-1242

Inclusion of Undocumented Features or Chicken Bits

Kategoria: BaseCVE: 14
Opis

Urządzenie zawiera chicken bits lub nieudokumentowane funkcje, które mogą stworzyć punkty wejścia dla nieautoryzowanych użytkowników. Te ukryte możliwości stwarzają zagrożenie bezpieczeństwa poprzez umożliwienie obejścia normalnych mechanizmów kontroli dostępu.

Description (EN)

The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.

Podatności CVE z CWE-1242 (14)
10.0
CVSS
CRITICAL
CVE-2025-12176

W urządzeniach Azure-Access BLU-IC2 oraz BLU-IC4 (firmware do wersji 1.19.5 włącznie) automatycznie tworzone są nieudokumentowane konta administracyjne. Podatność uzyskała maksymalny wynik CVSS 10.0, co czyni ją krytycznym zagrożeniem dla infrastruktury, w której działają te urządzenia.

pub. 2025-10-24
9.8
CVSS
CRITICAL
CVE-2025-55050

Podatność CVE-2025-55050 dotyczy obecności nieudokumentowanych funkcji w oprogramowaniu (CWE-1242), co może umożliwić atakującemu uzyskanie nieautoryzowanego dostępu lub wykonanie niezamierzonych operacji. Ocena CVSS 9.8 wskazuje na krytyczny poziom zagrożenia z możliwością ataku sieciowego bez wymagania uwierzytelnienia.

pub. 2025-09-09
9.3
CVSS
CRITICAL
CVE-2017-20204

Urządzenia DBLTek GoIP (modele GoIP 1, 4, 8, 16 i 32) zawierają nieudokumentowany backdoor producenta w administracyjnym interfejsie Telnet, pozwalający na zdalne uwierzytelnienie bez znajomości hasła. Podatność umożliwia przejęcie pełnej kontroli nad urządzeniem z uprawnieniami root, co czyni ją wyjątkowo niebezpieczną.

pub. 2025-10-15
8.8
CVSS
HIGH
CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.

pub. 2026-04-16
8.7
CVSS
HIGH
CVE-2026-24714

Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.

pub. 2026-01-30
8.7
CVSS
HIGH
CVE-2021-4469

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.

pub. 2025-11-14
8.1
CVSS
HIGH
CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.

pub. 2026-03-09
7.5
CVSS
HIGH
CVE-2025-22450

Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.

pub. 2025-01-22
7.5
CVSS
HIGH
CVE-2024-52564

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.

pub. 2024-12-05
7.2
CVSS
HIGH
CVE-2024-54457

Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.

pub. 2024-12-18
6.9
CVSS
MEDIUM
CVE-2025-52548

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

pub. 2025-09-02
6.5
CVSS
MEDIUM
CVE-2025-41754

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.

pub. 2026-03-09
6.5
CVSS
MEDIUM
CVE-2024-7011

Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.

pub. 2024-09-27
6.5
CVSS
MEDIUM
CVE-2024-2103

Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay . See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.

pub. 2024-04-04
Informacje
ID: CWE-1242
Typ: Base
Podatności: 14
MITRE CWE ↗
← Słownik CWE
CWE-1242 — Włączenie Nieudokumentowanych Funkcji lub Chicken Bits | Słownik CWE | CVEbaza.pl