CWE-656
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-656
- CVE-2020-10277 | MEDIUM | CVSS 6.4 | EG 6.4 | 2020-06-24
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on th…
- CVE-2020-10284 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-07-15
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the men…
- CVE-2020-10286 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-15
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that dis…
- CVE-2024-12297 | CRITICAL | CVSS 9.2 | EG 0.0 | 2025-01-15
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in…
- CVE-2024-5244 | MEDIUM | CVSS 4.2 | EG 4.2 | 2024-05-23
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not…
- CVE-2024-9138 | HIGH | CVSS 7.2 | EG 7.2 | 2025-01-03
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privile…
- CVE-2025-25983 | LOW | CVSS 3.4 | EG 3.4 | 2025-04-18
An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.
- CVE-2025-59093 | HIGH | CVSS 8.5 | EG 0.0 | 2026-01-26
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read …
- CVE-2025-7020 | MEDIUM | CVSS 5.1 | EG 0.0 | 2025-08-09
An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-V…
- CVE-2026-42363 | CRITICAL | CVSS 9.3 | EG 9.3 | 2026-04-27
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages t…
- CVE-2026-7161 | CRITICAL | CVSS 9.3 | EG 9.3 | 2026-05-04
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages t…