Threats Tagged 'cve-2026-3611'
View all threats tagged with 'cve-2026-3611'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-3611'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-3611: CWE-306 Missing authentication for critical function in Honeywell IQ4ECVE-2026-3611 0 The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration. Join the discussion | CVE Database V5 | 03/12/2026, 20:06:05 UTC Added: 03/12/2026, 20:29:47 UTC |
Showing 1 to 1 of 1 result