Vulnerabilities (CVE)

Filtered by CWE-294
Total 149 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-31762 1 Mydigoo 2 Dg-hamb, Dg-hamb Firmware 2024-02-28 N/A 7.5 HIGH
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-31759 1 Keruistore 2 Kerui W18, Kerui W18 Firmware 2024-02-28 N/A 7.5 HIGH
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.
CVE-2023-31761 1 Blitzwolf 2 Bw-is22, Bw-is22 Firmware 2024-02-28 N/A 7.5 HIGH
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-34553 1 Wafucn 2 Wafu Keyless Smart Lock, Wafu Keyless Smart Lock Firmware 2024-02-28 N/A 6.5 MEDIUM
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.
CVE-2022-47930 1 Iofinnet 1 Tss-lib 2024-02-28 N/A 6.8 MEDIUM
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
CVE-2022-48507 1 Huawei 2 Emui, Harmonyos 2024-02-28 N/A 7.5 HIGH
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-1886 1 Phpmyfaq 1 Phpmyfaq 2024-02-28 N/A 9.8 CRITICAL
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1537 1 Answer 1 Answer 2024-02-28 N/A 9.8 CRITICAL
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-2846 1 Mitsubishielectric 300 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 297 more 2024-02-28 N/A 9.1 CRITICAL
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.
CVE-2023-20123 1 Cisco 2 Duo, Duo Authentication For Windows Logon And Rdp 2024-02-28 N/A 4.6 MEDIUM
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.
CVE-2023-31763 1 Agshome Smart Alarm Project 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware 2024-02-28 N/A 7.5 HIGH
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-29158 1 Subnet 1 Powersystem Center 2024-02-28 N/A 9.1 CRITICAL
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
CVE-2022-25836 1 Bluetooth 1 Bluetooth Core Specification 2024-02-28 N/A 7.5 HIGH
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
CVE-2022-45914 1 Electronic Shelf Label Protocol Project 1 Electronic Shelf Label Protocol 2024-02-28 N/A 6.5 MEDIUM
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
CVE-2022-2226 1 Mozilla 1 Thunderbird 2024-02-28 N/A 6.5 MEDIUM
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
CVE-2022-25837 1 Bluetooth 1 Bluetooth Core Specification 2024-02-28 N/A 7.5 HIGH
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
CVE-2023-0014 1 Sap 4 Netweaver Application Server Abap, Netweaver Application Server Abap Kernel, Netweaver Application Server Abap Krnl64nuc and 1 more 2024-02-28 N/A 9.8 CRITICAL
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
CVE-2022-43704 1 Sinilink 2 Xy-wft1, Xy-wft1 Firmware 2024-02-28 N/A 5.9 MEDIUM
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.
CVE-2022-45789 1 Schneider-electric 72 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 69 more 2024-02-28 N/A 9.8 CRITICAL
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
CVE-2022-38766 1 Renault 2 Zoe E-tech, Zoe E-tech Firmware 2024-02-28 N/A 8.1 HIGH
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.