Threats Tagged 'cwe-1390'

CVE-2026-0274 is a high-severity vulnerability in the CommvaultSecurityIQ integration for Palo Alto Networks Cortex XSIAM and Cortex XSOAR. It involves improper validation of credentials, allowing an unauthenticated attacker to access and modify protected resources. The vulnerability affects version 1.1.0 of the product. No official patch or remediation guidance is currently provided by the vendor. There are no known exploits in the wild at this time.

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.

FreePBX versions prior to 17.0.8 contain a vulnerability in the api module's OAuth2 implementation where client credentials are not properly validated during token issuance. Specifically, the validateClient() method in ClientRepository.php always returns true, allowing an attacker who knows a valid client_id to obtain OAuth2 access tokens without the correct client_secret. This weakness enables unauthorized access to the system's OAuth2 tokens. The issue is fixed in version 17.0.8.

Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively observing a single seed/key exchange. The WCM derives its response using a reversible, non-cryptographic operation rather than a cryptographic challenge-response, so the persistent immobilizer secret can be reconstructed from one captured exchange. With this secret the attacker can authenticate to the ECM independently of the WCM and start the engine, defeating the immobilizer. Specific protocol details have been withheld pending vendor remediation.

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. Specific protocol details have been withheld pending vendor remediation.