QSearchQSearch

CVE-2026-0647

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-306

Description

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2018-25437 WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
  • CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
  • CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ... (7.5 HIGH)
  • CVE-2026-50287 AgenticMail gives AI agents real email addresses and phone numbers
  • CVE-2026-53981 Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)