Common Weakness Enumeration

CWE-912

Allowed-with-Review

Hidden Functionality

Abstraction: Class · Status: Incomplete

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

146 vulnerabilities reference this CWE, most recent first.

GHSA-WXF3-97X6-X82W

Vulnerability from github – Published: 2024-09-16 14:37 – Updated: 2024-09-16 14:37
VLAI
Details

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-16T07:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.",
  "id": "GHSA-wxf3-97x6-x82w",
  "modified": "2024-09-16T14:37:28Z",
  "published": "2024-09-16T14:37:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45697"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X46H-G6VH-9QM7

Vulnerability from github – Published: 2024-12-06 15:31 – Updated: 2024-12-06 15:31
VLAI
Details

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T13:15:05Z",
    "severity": "CRITICAL"
  },
  "details": "The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain\nfull access to the device.",
  "id": "GHSA-x46h-g6vh-9qm7",
  "modified": "2024-12-06T15:31:19Z",
  "published": "2024-12-06T15:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10773"
    },
    {
      "type": "WEB",
      "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X479-HW9C-267V

Vulnerability from github – Published: 2023-01-17 12:30 – Updated: 2023-01-24 21:30
VLAI
Details

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-17T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services.",
  "id": "GHSA-x479-hw9c-267v",
  "modified": "2023-01-24T21:30:28Z",
  "published": "2023-01-17T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22316"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN57296685/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XM7R-423X-5463

Vulnerability from github – Published: 2025-08-20 18:30 – Updated: 2025-09-24 18:30
VLAI
Details

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-20103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T16:15:34Z",
    "severity": "CRITICAL"
  },
  "details": "A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.",
  "id": "GHSA-xm7r-423x-5463",
  "modified": "2025-09-24T18:30:23Z",
  "published": "2025-08-20T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-20103"
    },
    {
      "type": "WEB",
      "url": "https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/proftpd/proftpd"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111107212129/http://rsync.proftpd.org"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/15662"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/16921"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/proftpd-backdoor-command-execution"
    },
    {
      "type": "WEB",
      "url": "http://www.proftpd.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XV2Q-J99P-J42F

Vulnerability from github – Published: 2022-12-14 15:30 – Updated: 2025-04-21 21:30
VLAI
Details

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.",
  "id": "GHSA-xv2q-j99p-j42f",
  "modified": "2025-04-21T21:30:23Z",
  "published": "2022-12-14T15:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46997"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Viralmaniar/Passhunt/issues/14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Viralmaniar/Passhunt"
    },
    {
      "type": "WEB",
      "url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XVPP-HHFF-GP7V

Vulnerability from github – Published: 2023-02-16 15:30 – Updated: 2023-02-16 15:30
VLAI
Details

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.",
  "id": "GHSA-xvpp-hhff-gp7v",
  "modified": "2023-02-16T15:30:28Z",
  "published": "2023-02-16T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3843"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2022-055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Installation

Always verify the integrity of the product that is being installed.

CAPEC-133: Try All Common Switches

An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.

CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality

An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.