CWE-912
Allowed-with-ReviewHidden Functionality
Abstraction: Class · Status: Incomplete
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
146 vulnerabilities reference this CWE, most recent first.
CVE-2017-20082 (GCVE-0-2017-20082)
Vulnerability from cvelistv5 – Published: 2022-06-22 06:10 – Updated: 2025-04-15 14:15- CWE-912 - Backdoor
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Feb/18 | x_refsource_MISC |
| https://vuldb.com/?id.96815 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| JUNG | Smart Visu Server |
Affected:
1.0.804
Affected: 1.0.830 Affected: 1.0.832 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.96815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20082",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:09:09.795706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:15:53.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Smart Visu Server",
"vendor": "JUNG",
"versions": [
{
"status": "affected",
"version": "1.0.804"
},
{
"status": "affected",
"version": "1.0.830"
},
{
"status": "affected",
"version": "1.0.832"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Backdoor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T06:10:14.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.96815"
}
],
"title": "JUNG Smart Visu Server backdoor",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20082",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "JUNG Smart Visu Server backdoor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Visu Server",
"version": {
"version_data": [
{
"version_value": "1.0.804"
},
{
"version_value": "1.0.830"
},
{
"version_value": "1.0.832"
}
]
}
}
]
},
"vendor_name": "JUNG"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912 Backdoor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/18",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/18"
},
{
"name": "https://vuldb.com/?id.96815",
"refsource": "MISC",
"url": "https://vuldb.com/?id.96815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20082",
"datePublished": "2022-06-22T06:10:15.000Z",
"dateReserved": "2022-06-19T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:15:53.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-10018 (GCVE-0-2011-10018)
Vulnerability from cvelistv5 – Published: 2025-08-13 20:35 – Updated: 2026-04-07 14:02| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/17949 | exploit |
| https://web.archive.org/web/20111015224948/http:/… | third-party-advisory |
| https://blog.mybb.com/2011/10/06/1-6-4-security-v… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/mybb-backdoo… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| myBB Group | Forum Software |
Affected:
1.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2011-10018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T14:07:57.715204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:08:01.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17949"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"index.php",
"collapsed cookie"
],
"product": "Forum Software",
"vendor": "myBB Group",
"versions": [
{
"status": "affected",
"version": "1.6.4"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mybb:mybb:1.6.4:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MyBB"
}
],
"datePublic": "2011-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application."
}
],
"value": "myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:02:09.269Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/mybb_backdoor.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/17949"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://web.archive.org/web/20111015224948/http://secunia.com/advisories/46300/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "myBB 1.6.4 Backdoor Arbitrary Command Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2011-10018",
"datePublished": "2025-08-13T20:35:31.755Z",
"dateReserved": "2025-08-13T17:52:08.905Z",
"dateUpdated": "2026-04-07T14:02:09.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2010-20103 (GCVE-0-2010-20103)
Vulnerability from cvelistv5 – Published: 2025-08-20 15:38 – Updated: 2026-07-15 01:23 X_Known Exploited Vulnerability- CWE-912 - Hidden Functionality
| URL | Tags |
|---|---|
| https://web.archive.org/web/20111107212129/http:/… | vendor-advisorypatch |
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/15662 | exploit |
| https://www.exploit-db.com/exploits/16921 | exploit |
| https://advisories.checkpoint.com/defense/advisor… | third-party-advisory |
| https://github.com/proftpd/proftpd | product |
| http://www.proftpd.org/ | product |
| https://www.vulncheck.com/advisories/proftpd-back… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| ProFTPD Project | ProFTPD (Professional FTP Daemon) |
Affected:
1.3.3c
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2010-20103",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T15:44:16.891816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:44:20.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/16921"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/15662"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"core daemon"
],
"packageURL": "pkg:github/proftpd/proftpd",
"product": "ProFTPD (Professional FTP Daemon)",
"repo": "https://github.com/proftpd/proftpd",
"vendor": "ProFTPD Project",
"versions": [
{
"status": "affected",
"version": "1.3.3c"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.3c:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2010-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.\u003c/p\u003e"
}
],
"value": "A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:11.729Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://web.archive.org/web/20111107212129/http://rsync.proftpd.org/"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/15662"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/16921"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://advisories.checkpoint.com/defense/advisories/public/2011/cpai-2010-151.html/"
},
{
"tags": [
"product"
],
"url": "https://github.com/proftpd/proftpd"
},
{
"tags": [
"product"
],
"url": "http://www.proftpd.org/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/proftpd-backdoor-command-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "ProFTPD 1.3.3c Backdoor Command Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2010-20103",
"datePublished": "2025-08-20T15:38:46.697Z",
"dateReserved": "2025-08-19T16:00:37.400Z",
"dateUpdated": "2026-07-15T01:23:11.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-236C-VHJ4-GFXG
Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2026-02-17 21:40Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.
Original Description
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ua-parser-js"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.29"
},
{
"fixed": "0.7.30"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.7.29"
]
},
{
"package": {
"ecosystem": "npm",
"name": "ua-parser-js"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.0"
},
{
"fixed": "0.8.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8.0"
]
},
{
"package": {
"ecosystem": "npm",
"name": "ua-parser-js"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0"
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-829",
"CWE-912"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-17T21:40:20Z",
"nvd_published_at": "2022-05-24T16:15:00Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.",
"id": "GHSA-236c-vhj4-gfxg",
"modified": "2026-02-17T21:40:20Z",
"published": "2022-05-25T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229"
},
{
"type": "WEB",
"url": "https://github.com/faisalman/ua-parser-js/issues/536"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.185453"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Embedded malware in ua-parser-js",
"withdrawn": "2026-02-17T21:40:20Z"
}
GHSA-23CV-W96C-877F
Vulnerability from github – Published: 2025-03-28 03:30 – Updated: 2025-04-03 15:31The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
{
"affected": [],
"aliases": [
"CVE-2025-2894"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T03:15:18Z",
"severity": "MODERATE"
},
"details": "The Go1\u00a0also known as \"The World\u0027s First Intelligence Bionic Quadruped Robot Companion of Consumer Level,\" contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.",
"id": "GHSA-23cv-w96c-877f",
"modified": "2025-04-03T15:31:09Z",
"published": "2025-03-28T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2894"
},
{
"type": "WEB",
"url": "https://github.com/unitreerobotics/unitree_ros/issues/120"
},
{
"type": "WEB",
"url": "https://github.com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf"
},
{
"type": "WEB",
"url": "https://takeonme.org/cves/cve-2025-2894"
},
{
"type": "WEB",
"url": "https://www.axios.com/2025/04/01/threat-spotlight-backdoor-in-chinese-robots-future-of-cybersecurity"
},
{
"type": "WEB",
"url": "https://x.com/d0tslash/status/1730989109332607208"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29HX-4X6H-2Q4X
Vulnerability from github – Published: 2023-12-29 12:30 – Updated: 2024-02-29 03:32A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.
{
"affected": [],
"aliases": [
"CVE-2023-4467"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T10:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.",
"id": "GHSA-29hx-4x6h-2q4x",
"modified": "2024-02-29T03:32:46Z",
"published": "2023-12-29T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4467"
},
{
"type": "WEB",
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
},
{
"type": "WEB",
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"type": "WEB",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip"
},
{
"type": "WEB",
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249260"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249260"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2R6R-VGG5-P59V
Vulnerability from github – Published: 2026-07-13 09:31 – Updated: 2026-07-13 09:31Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
{
"affected": [],
"aliases": [
"CVE-2026-4769"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T08:16:21Z",
"severity": "CRITICAL"
},
"details": "Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.",
"id": "GHSA-2r6r-vgg5-p59v",
"modified": "2026-07-13T09:31:42Z",
"published": "2026-07-13T09:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4769"
},
{
"type": "WEB",
"url": "https://www.certvde.com/en/advisories/VDE-2026-031"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-397X-MCH8-3P5M
Vulnerability from github – Published: 2025-06-29 03:33 – Updated: 2025-06-29 03:33A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-6839"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-29T02:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-397x-mch8-3p5m",
"modified": "2025-06-29T03:33:10Z",
"published": "2025-06-29T03:33:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6839"
},
{
"type": "WEB",
"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B"
},
{
"type": "WEB",
"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.314282"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.314282"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.603176"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3CC5-Q36C-J82W
Vulnerability from github – Published: 2025-08-14 06:30 – Updated: 2025-08-14 06:30A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8938"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T05:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-3cc5-q36c-j82w",
"modified": "2025-08-14T06:30:34Z",
"published": "2025-08-14T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8938"
},
{
"type": "WEB",
"url": "https://github.com/rew1X/CVE/blob/main/TOTOLINK/formSysTel/formSysTel.md"
},
{
"type": "WEB",
"url": "https://github.com/rew1X/CVE/blob/main/TOTOLINK/formSysTel/formSysTel.md#poc"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319901"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319901"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.631837"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3VP9-WJW8-VGMX
Vulnerability from github – Published: 2026-03-27 06:31 – Updated: 2026-03-31 21:31Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
{
"affected": [],
"aliases": [
"CVE-2026-33280"
],
"database_specific": {
"cwe_ids": [
"CWE-912"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T06:16:38Z",
"severity": "HIGH"
},
"details": "Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product\u2019s debugging functionality, resulting in the execution of arbitrary OS commands.",
"id": "GHSA-3vp9-wjw8-vgmx",
"modified": "2026-03-31T21:31:15Z",
"published": "2026-03-27T06:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33280"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN83788689"
},
{
"type": "WEB",
"url": "https://www.buffalo.jp/news/detail/20260323-01.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Always verify the integrity of the product that is being installed.
CAPEC-133: Try All Common Switches
An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.
CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality
An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.