CWE-912: CWE-912
Yearly Trend
Top Affected Vendors
All CWE-912 CVEs (30)
A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attackers to gain root access by sending specially craft...
Jan 14, 2025This vulnerability affects certain D-Link wireless routers where the telnet service is automatically enabled when the WAN port is connected, exposing ...
Sep 16, 2024CVE-2024-20439 allows unauthenticated remote attackers to log into Cisco Smart Licensing Utility systems using undocumented static administrative cred...
Sep 4, 2024This CVE describes a critical hidden functionality vulnerability in multiple NEC Aterm router models that allows unauthenticated remote attackers to e...
Mar 28, 2024MvcTools version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 contains a backdoor in its request package dependency that allows remote code execution. Att...
Feb 22, 2023This CVE describes an improper authorization vulnerability in Pepperl+Fuchs Comtrol RocketLinx industrial switches that allows attackers to bypass aut...
Oct 15, 2020CVE-2020-16204 is a critical vulnerability in Red Lion N-Tron 702-W/702M12-W industrial switches that allows remote attackers to execute arbitrary com...
Sep 1, 2020This vulnerability allows unauthenticated attackers on the local network to access undocumented system settings and modify configurations on NEC DT900...
May 14, 2024This vulnerability allows attackers to perform pass-the-hash attacks using hardcoded credentials for hidden user levels, granting full device access. ...
Dec 6, 2024This vulnerability allows remote authenticated attackers to execute arbitrary operating system commands on TAKENAKA ENGINEERING digital video recorder...
Sep 18, 2024This vulnerability allows attackers to enable telnet service on vulnerable D-Link wireless routers using hidden functionality and log in with hard-cod...
Sep 16, 2024This CVE-2023-40158 is a hidden functionality vulnerability in CBC products that allows remote authenticated attackers to execute arbitrary OS command...
Aug 23, 2023This CVE describes a vulnerability where an OpenSSH daemon has a hard-coded root password in /etc/shadow, but the default configuration disables root ...
May 21, 2025An unauthenticated backdoor in Cosori Smart Air Fryer's configuration server allows remote code execution via specially crafted JSON packets. This aff...
Apr 15, 2021This vulnerability in patient monitor firmware creates a backdoor by forcing the device to connect to a hard-coded routable IP address when users atte...
Jan 30, 2025This vulnerability affects Ruijie Networks RG-EST300 devices where SSH server functionality is enabled by default without documentation. Attackers wit...
Oct 16, 2025SOOP-CLM software from PiExtract contains hidden functionality that privileged remote attackers can exploit to execute arbitrary code on the server. T...
Oct 13, 2025Kentico Xperience CMS versions before 13.0.178 allow unauthenticated attackers to bypass file extension restrictions by uploading .zip files that get ...
Apr 6, 2025This vulnerability allows remote attackers to execute arbitrary commands on Netgear Orbi Satellite RBS750 devices by sending specially crafted JSON ob...
Mar 21, 2023The SIMCom SIM7600G modem contains an undocumented AT command that allows execution of arbitrary system commands with root privileges. This affects an...
Jun 11, 2025This CVE describes a backdoor vulnerability in the EFM ipTIME A8004T router's debug interface. Attackers can remotely manipulate the 'cmd' parameter t...
Feb 2, 2026The Go1 robotic companion contains an undocumented backdoor that allows remote attackers with the correct API key to gain complete control over the de...
Mar 28, 2025This vulnerability affects multiple Siemens SIMATIC RFID reader models, allowing attackers with privileged access to modify configuration files and en...
Sep 10, 2024This vulnerability in FNKvision Y215 CCTV cameras allows attackers to exploit a backdoor in the Telnet service via manipulation of the s1_rf_test_conf...
Aug 24, 2025This vulnerability in TOTOLINK N350R routers allows attackers to enable a backdoor via the Telnet service by manipulating the TelEnabled parameter. At...
Aug 14, 2025A critical backdoor vulnerability in Conjure Position Department Service Quality Evaluation System allows remote attackers to execute arbitrary code v...
Jun 29, 2025A hidden functionality vulnerability in Brother MFP devices allows attackers to access device logs containing sensitive information. This affects mult...
Jan 29, 2026A hidden debug functionality vulnerability exists in specific Elecom wireless routers. Remote attackers who can authenticate to the web management int...
Jul 22, 2025This vulnerability affects multiple Siemens SIMATIC RFID reader models, allowing attackers to access hidden debug functionality that reveals internal ...
Sep 10, 2024This vulnerability allows attackers to bypass firmware integrity checks on Sharp Display Solutions projectors, enabling them to install and execute un...
Dec 22, 2025About CWE-912 (CWE-912)
Our database tracks 30 CVEs classified as CWE-912, with 9 rated critical and 10 rated high severity. The average CVSS score for CWE-912 vulnerabilities is 7.8.
External reference: View CWE-912 on MITRE CWE →
Monitor CWE-912 Vulnerabilities
Get alerted when new CWE-912 CVEs affect your infrastructure.
Start Monitoring Free