Common Weakness Enumeration

CWE-620

Allowed

Unverified Password Change

Abstraction: Base · Status: Draft

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

157 vulnerabilities reference this CWE, most recent first.

GHSA-2R3P-M9QP-P35M

Vulnerability from github – Published: 2024-07-26 18:30 – Updated: 2024-08-01 18:32
VLAI
Details

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-26T17:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.",
  "id": "GHSA-2r3p-m9qp-p35m",
  "modified": "2024-08-01T18:32:50Z",
  "published": "2024-07-26T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26520"
    },
    {
      "type": "WEB",
      "url": "https://idssgmcc.github.io/aran.github.io/2.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-39GF-864W-PXW4

Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2024-11-22 18:11
VLAI
Summary
Unverified Password Change in OctoPrint
Details

Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "OctoPrint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-30T20:25:13Z",
    "nvd_published_at": "2022-08-22T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.",
  "id": "GHSA-39gf-864w-pxw4",
  "modified": "2024-11-22T18:11:50Z",
  "published": "2022-08-23T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2930"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/octoprint/octoprint"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unverified Password Change in OctoPrint"
}

GHSA-3HXX-HMH7-HXPR

Vulnerability from github – Published: 2025-10-16 15:30 – Updated: 2025-10-16 18:30
VLAI
Details

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-61536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T15:15:34Z",
    "severity": "HIGH"
  },
  "details": "FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.",
  "id": "GHSA-3hxx-hmh7-hxpr",
  "modified": "2025-10-16T18:30:23Z",
  "published": "2025-10-16T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61536"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FelixRiddle/dev-jobs-handlebars"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-61536"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JRG-97F3-RQH9

Vulnerability from github – Published: 2025-05-20 19:26 – Updated: 2025-05-20 19:26
VLAI
Summary
TYPO3 Unverified Password Change for Backend Users
Details

Problem

The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification.

This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication.

Solution

Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.

[!NOTE] In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords.

Credits

Thanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.5.50"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.5.50"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.4.49"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.5.43"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.44"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.4.30"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.4.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 13.4.11"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.4.49"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.5.43"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.44"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.4.30"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.4.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 13.4.11"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-20T19:26:38Z",
    "nvd_published_at": "2025-05-20T14:15:50Z",
    "severity": "LOW"
  },
  "details": "### Problem\nThe backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification.\n\nThis behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication.\n\n### Solution\nUpdate to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.\n\n\u003e [!NOTE]\n\u003e In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords.\n\n### Credits\nThanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core \u0026 security team member Benjamin Franzke for fixing it.",
  "id": "GHSA-3jrg-97f3-rqh9",
  "modified": "2025-05-20T19:26:38Z",
  "published": "2025-05-20T19:26:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3 Unverified Password Change for Backend Users"
}

GHSA-3VMR-C5F4-VPXF

Vulnerability from github – Published: 2023-11-22 18:30 – Updated: 2023-11-22 18:30
VLAI
Details

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2449"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-22T16:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.",
  "id": "GHSA-3vmr-c5f4-vpxf",
  "modified": "2023-11-22T18:30:55Z",
  "published": "2023-11-22T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2449"
    },
    {
      "type": "WEB",
      "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3VXJ-947V-9GFH

Vulnerability from github – Published: 2023-08-16 12:30 – Updated: 2023-08-16 12:30
VLAI
Details

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-16T12:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.",
  "id": "GHSA-3vxj-947v-9gfh",
  "modified": "2023-08-16T12:30:55Z",
  "published": "2023-08-16T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3W3H-97P3-6XQH

Vulnerability from github – Published: 2025-06-04 09:31 – Updated: 2025-06-04 09:31
VLAI
Details

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-04T08:15:22Z",
    "severity": "HIGH"
  },
  "details": "The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s passwords through the password reset functionality, including administrators, and leverage that to reset the user\u0027s password and gain access to their account.",
  "id": "GHSA-3w3h-97p3-6xqh",
  "modified": "2025-06-04T09:31:36Z",
  "published": "2025-06-04T09:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5482"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/trunk/includes/functions/account.php#L303"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3305406%40sunshine-photo-cart%2Ftrunk\u0026old=3261773%40sunshine-photo-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45PG-8QP2-9CMJ

Vulnerability from github – Published: 2025-05-19 03:30 – Updated: 2025-05-19 03:30
VLAI
Details

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-19T01:15:21Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-45pg-8qp2-9cmj",
  "modified": "2025-05-19T03:30:29Z",
  "published": "2025-05-19T03:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4903"
    },
    {
      "type": "WEB",
      "url": "https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/webgl_asp.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.309459"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.309459"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.578051"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-46GC-WC69-MW4H

Vulnerability from github – Published: 2026-01-26 18:31 – Updated: 2026-01-28 21:31
VLAI
Details

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-26T18:16:41Z",
    "severity": "HIGH"
  },
  "details": "Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.",
  "id": "GHSA-46gc-wc69-mw4h",
  "modified": "2026-01-28T21:31:20Z",
  "published": "2026-01-26T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24440"
    },
    {
      "type": "WEB",
      "url": "https://www.tendacn.com/product/W30E"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying-current-password"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4GMM-R9MC-3P3G

Vulnerability from github – Published: 2026-02-27 21:31 – Updated: 2026-02-27 21:31
VLAI
Details

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-620"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-27T19:16:09Z",
    "severity": "HIGH"
  },
  "details": "SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.",
  "id": "GHSA-4gmm-r9mc-3p3g",
  "modified": "2026-02-27T21:31:22Z",
  "published": "2026-02-27T21:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27757"
    },
    {
      "type": "WEB",
      "url": "https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-unverified-password-change"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

When prompting for a password change, force the user to provide the original password in addition to the new password.

Mitigation
Architecture and Design

Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.

No CAPEC attack patterns related to this CWE.