Common Weakness Enumeration

CWE-912

Allowed-with-Review

Hidden Functionality

Abstraction: Class · Status: Incomplete

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

146 vulnerabilities reference this CWE, most recent first.

GHSA-5JVW-W4J5-8WRQ

Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2021-12-30 00:00
VLAI
Details

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-23T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.",
  "id": "GHSA-5jvw-w4j5-8wrq",
  "modified": "2021-12-30T00:00:33Z",
  "published": "2021-12-24T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43987"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5PM9-6VQ7-8MC4

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2024-09-18 18:30
VLAI
Details

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T07:15:04Z",
    "severity": "HIGH"
  },
  "details": "Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.",
  "id": "GHSA-5pm9-6vq7-8mc4",
  "modified": "2024-09-18T18:30:51Z",
  "published": "2024-09-18T09:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47001"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU90142679"
    },
    {
      "type": "WEB",
      "url": "https://www.takex-eng.co.jp/ja/news/news.php?s=68"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q5H-874V-F63H

Vulnerability from github – Published: 2022-12-14 15:30 – Updated: 2025-04-21 21:30
VLAI
Details

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.",
  "id": "GHSA-5q5h-874v-f63h",
  "modified": "2025-04-21T21:30:23Z",
  "published": "2022-12-14T15:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SHenry07/vSphere_selfuse/issues/39"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SHenry07/vSphere_selfuse"
    },
    {
      "type": "WEB",
      "url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-647R-RHM4-28G2

Vulnerability from github – Published: 2025-12-22 06:30 – Updated: 2025-12-22 06:30
VLAI
Details

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11544"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-22T06:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.",
  "id": "GHSA-647r-rhm4-28g2",
  "modified": "2025-12-22T06:30:28Z",
  "published": "2025-12-22T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11544"
    },
    {
      "type": "WEB",
      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11544.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-66C6-XH5V-573Q

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30
VLAI
Details

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863",
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-15T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.",
  "id": "GHSA-66c6-xh5v-573q",
  "modified": "2022-05-24T17:30:44Z",
  "published": "2022-05-24T17:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12504"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69HP-Q8X6-QJJM

Vulnerability from github – Published: 2023-12-08 18:30 – Updated: 2023-12-08 18:30
VLAI
Details

A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-08T16:15:20Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-69hp-q8x6-qjjm",
  "modified": "2023-12-08T18:30:42Z",
  "published": "2023-12-08T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6614"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.247249"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.247249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6JGC-395X-2VW4

Vulnerability from github – Published: 2025-09-17 06:30 – Updated: 2025-09-17 06:30
VLAI
Details

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T04:16:08Z",
    "severity": "MODERATE"
  },
  "details": "Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.",
  "id": "GHSA-6jgc-395x-2vw4",
  "modified": "2025-09-17T06:30:23Z",
  "published": "2025-09-17T06:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55075"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU97490987"
    },
    {
      "type": "WEB",
      "url": "https://www.iodata.jp/support/information/2025/09_wn-7d36qr/index.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-74Q6-VJF5-FM72

Vulnerability from github – Published: 2025-10-16 06:30 – Updated: 2025-10-16 06:30
VLAI
Details

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T06:15:37Z",
    "severity": "HIGH"
  },
  "details": "Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.",
  "id": "GHSA-74q6-vjf5-fm72",
  "modified": "2025-10-16T06:30:25Z",
  "published": "2025-10-16T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58778"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN72648885"
    },
    {
      "type": "WEB",
      "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/929848"
    },
    {
      "type": "WEB",
      "url": "https://www.ruijie.com/en-global/support/productLifecycle"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-79F4-VM9F-23QH

Vulnerability from github – Published: 2025-10-13 09:30 – Updated: 2025-10-13 09:30
VLAI
Details

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-13T08:15:40Z",
    "severity": "HIGH"
  },
  "details": "SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.",
  "id": "GHSA-79f4-vm9f-23qh",
  "modified": "2025-10-13T09:30:25Z",
  "published": "2025-10-13T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11673"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-10422-e06c3-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-10421-5cf6b-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-892Q-6J8F-3Q9C

Vulnerability from github – Published: 2026-03-23 15:30 – Updated: 2026-04-29 18:31
VLAI
Details

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-23T13:16:30Z",
    "severity": "HIGH"
  },
  "details": "Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.",
  "id": "GHSA-892q-6j8f-3q9c",
  "modified": "2026-04-29T18:31:30Z",
  "published": "2026-03-23T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31847"
    },
    {
      "type": "WEB",
      "url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip"
    },
    {
      "type": "WEB",
      "url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Installation

Always verify the integrity of the product that is being installed.

CAPEC-133: Try All Common Switches

An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.

CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality

An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.