CWE-489
75 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-489 (page 1 of 2)
- CVE-2018-5454 | HIGH | CVSS 8.1 | EG 8.1 | 2018-03-26
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
- CVE-2019-10939 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-04-14
A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM…
- CVE-2020-25156 | HIGH | CVSS 7.2 | EG 7.2 | 2022-04-14
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root.
- CVE-2020-5756 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-17
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
- CVE-2020-5763 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
- CVE-2020-8320 | MEDIUM | CVSS 6.4 | EG 6.4 | 2020-06-09
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
- CVE-2020-8477 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead…
- CVE-2021-1381 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-03-24
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insuffici…
- CVE-2021-1391 | MEDIUM | CVSS 5.1 | EG 5.1 | 2021-03-24
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and veri…
- CVE-2021-1398 | MEDIUM | CVSS 6.8 | EG 6.8 | 2021-03-24
A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operatin…
- CVE-2021-23861 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-12-08
By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations o…
- CVE-2021-33591 | HIGH | CVSS 8.8 | EG 8.8 | 2021-05-28
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- CVE-2021-3971 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-04-22
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware pro…
- CVE-2021-3972 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-04-22
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modi…
- CVE-2021-40419 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-28
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to tr…
- CVE-2022-20649 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-15
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container…
- CVE-2022-25995 | HIGH | CVSS 8.8 | EG 8.8 | 2022-05-12
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to…
- CVE-2022-26023 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-11-09
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence …
- CVE-2022-27597 | LOW | CVSS 2.7 | EG 4.3 | 2023-03-29
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating …
- CVE-2022-28689 | HIGH | CVSS 8.8 | EG 8.8 | 2022-11-09
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of request…
- CVE-2022-29481 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-11-09
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence o…
- CVE-2022-29520 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-10-25
An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XM…
- CVE-2022-29888 | HIGH | CVSS 8.1 | EG 8.1 | 2022-11-09
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request t…
- CVE-2022-30543 | HIGH | CVSS 8.8 | EG 8.8 | 2022-11-09
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a seq…
- CVE-2022-32585 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-06-30
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vuln…
- CVE-2022-32760 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-25
A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payl…
- CVE-2022-33323 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-02
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass thr…
- CVE-2022-33971 | HIGH | CVSS 7.5 | EG 7.5 | 2022-07-04
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller…
- CVE-2022-38453 | LOW | CVSS 3.0 | EG 4.4 | 2022-09-13
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive c…
- CVE-2022-38715 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-26
A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trig…
- CVE-2022-45677 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-02-21
SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.
- CVE-2022-46156 | HIGH | CVSS 7.2 | EG 7.2 | 2022-11-30
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in t…
- CVE-2023-0954 | HIGH | CVSS 8.3 | EG 8.3 | 2023-06-08
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
- CVE-2023-1618 | HIGH | CVSS 7.5 | EG 7.5 | 2023-05-19
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected modul…
- CVE-2023-21496 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-05-04
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
- CVE-2023-22357 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-01-17
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of t…
- CVE-2023-32645 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-11
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger …
- CVE-2023-34346 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-11
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger t…
- CVE-2023-4227 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-08-24
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security…
- CVE-2023-4804 | CRITICAL | CVSS 10.0 | EG 10.0 | 2023-11-10
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
- CVE-2023-49593 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.
- CVE-2024-21785 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-28
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequen…
- CVE-2024-21827 | HIGH | CVSS 7.2 | EG 7.2 | 2024-06-25
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execut…
- CVE-2024-28008 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-03-28
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP…
- CVE-2024-29075 | MEDIUM | CVSS 4.6 | EG 4.6 | 2024-11-12
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device.
- CVE-2024-29511 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-03
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use de…
- CVE-2024-30219 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-04-15
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZ…
- CVE-2024-31406 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-24
Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations.
- CVE-2024-32047 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-15
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
- CVE-2024-36475 | HIGH | CVSS 8.8 | EG 7.2 | 2024-07-17
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and …