CWE-912
Allowed-with-ReviewHidden Functionality
Abstraction: Class · Status: Incomplete
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
146 vulnerabilities reference this CWE, most recent first.
GHSA-5JVW-W4J5-8WRQ
Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2021-12-30 00:00An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
{
"affected": [],
"aliases": [
"CVE-2021-43987"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-23T20:15:00Z",
"severity": "CRITICAL"
},
"details": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.",
"id": "GHSA-5jvw-w4j5-8wrq",
"modified": "2021-12-30T00:00:33Z",
"published": "2021-12-24T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43987"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5PM9-6VQ7-8MC4
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-18 18:30Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
{
"affected": [],
"aliases": [
"CVE-2024-47001"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T07:15:04Z",
"severity": "HIGH"
},
"details": "Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.",
"id": "GHSA-5pm9-6vq7-8mc4",
"modified": "2024-09-18T18:30:51Z",
"published": "2024-09-18T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47001"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU90142679"
},
{
"type": "WEB",
"url": "https://www.takex-eng.co.jp/ja/news/news.php?s=68"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5Q5H-874V-F63H
Vulnerability from github – Published: 2022-12-14 15:30 – Updated: 2025-04-21 21:30vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
{
"affected": [],
"aliases": [
"CVE-2022-46996"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-14T15:15:00Z",
"severity": "CRITICAL"
},
"details": "vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.",
"id": "GHSA-5q5h-874v-f63h",
"modified": "2025-04-21T21:30:23Z",
"published": "2022-12-14T15:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46996"
},
{
"type": "WEB",
"url": "https://github.com/SHenry07/vSphere_selfuse/issues/39"
},
{
"type": "WEB",
"url": "https://github.com/SHenry07/vSphere_selfuse"
},
{
"type": "WEB",
"url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-647R-RHM4-28G2
Vulnerability from github – Published: 2025-12-22 06:30 – Updated: 2025-12-22 06:30Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
{
"affected": [],
"aliases": [
"CVE-2025-11544"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-22T06:15:50Z",
"severity": "CRITICAL"
},
"details": "Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.",
"id": "GHSA-647r-rhm4-28g2",
"modified": "2025-12-22T06:30:28Z",
"published": "2025-12-22T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11544"
},
{
"type": "WEB",
"url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11544.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-66C6-XH5V-573Q
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
{
"affected": [],
"aliases": [
"CVE-2020-12504"
],
"database_specific": {
"cwe_ids": [
"CWE-863",
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-15T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.",
"id": "GHSA-66c6-xh5v-573q",
"modified": "2022-05-24T17:30:44Z",
"published": "2022-05-24T17:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12504"
},
{
"type": "WEB",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69HP-Q8X6-QJJM
Vulnerability from github – Published: 2023-12-08 18:30 – Updated: 2023-12-08 18:30A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-6614"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-08T16:15:20Z",
"severity": "LOW"
},
"details": "A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-69hp-q8x6-qjjm",
"modified": "2023-12-08T18:30:42Z",
"published": "2023-12-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6614"
},
{
"type": "WEB",
"url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.247249"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.247249"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6JGC-395X-2VW4
Vulnerability from github – Published: 2025-09-17 06:30 – Updated: 2025-09-17 06:30Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.
{
"affected": [],
"aliases": [
"CVE-2025-55075"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T04:16:08Z",
"severity": "MODERATE"
},
"details": "Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.",
"id": "GHSA-6jgc-395x-2vw4",
"modified": "2025-09-17T06:30:23Z",
"published": "2025-09-17T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55075"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97490987"
},
{
"type": "WEB",
"url": "https://www.iodata.jp/support/information/2025/09_wn-7d36qr/index.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-74Q6-VJF5-FM72
Vulnerability from github – Published: 2025-10-16 06:30 – Updated: 2025-10-16 06:30Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2025-58778"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-16T06:15:37Z",
"severity": "HIGH"
},
"details": "Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.",
"id": "GHSA-74q6-vjf5-fm72",
"modified": "2025-10-16T06:30:25Z",
"published": "2025-10-16T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58778"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN72648885"
},
{
"type": "WEB",
"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848"
},
{
"type": "WEB",
"url": "https://www.ruijie.com/en-global/support/productLifecycle"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-79F4-VM9F-23QH
Vulnerability from github – Published: 2025-10-13 09:30 – Updated: 2025-10-13 09:30SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
{
"affected": [],
"aliases": [
"CVE-2025-11673"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-13T08:15:40Z",
"severity": "HIGH"
},
"details": "SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.",
"id": "GHSA-79f4-vm9f-23qh",
"modified": "2025-10-13T09:30:25Z",
"published": "2025-10-13T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11673"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10422-e06c3-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10421-5cf6b-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-892Q-6J8F-3Q9C
Vulnerability from github – Published: 2026-03-23 15:30 – Updated: 2026-04-29 18:31Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.
{
"affected": [],
"aliases": [
"CVE-2026-31847"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-23T13:16:30Z",
"severity": "HIGH"
},
"details": "Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.",
"id": "GHSA-892q-6j8f-3q9c",
"modified": "2026-04-29T18:31:30Z",
"published": "2026-03-23T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31847"
},
{
"type": "WEB",
"url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip"
},
{
"type": "WEB",
"url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Always verify the integrity of the product that is being installed.
CAPEC-133: Try All Common Switches
An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.
CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality
An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.