
CWE-489 Active Debug Code: vulnerability list (62)

Summary of 62 CVE vulnerabilities in the CWE-489 Active Debug Code weakness class, with AI-generated analysis in Chinese.

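CWE-489 is a leftover-code weakness: debugging code that was not removed or disabled when the software was released. Attackers often use this leftover code to obtain sensitive system information, bypass access control, or trigger abnormal states, and then carry out further attacks. Developers should review code thoroughly before release, ensure that all debug functionality, logging, and diagnostic interfaces are fully disabled or removed, and establish a strict build process that keeps debug code out of production.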

MITRE CWE official description
CWE: CWE-489 Active Debug Code. The product is released with debugging code still enabled or active.
Common consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control, Other
Impact: Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At wor…
Mitigations (1)
Phase: Build and Compilation, Distribution
Remove debug code before deploying the application.
Code examples (1)
Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called "debug", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass …
<FORM ACTION="/authenticate_login.cgi">
  <INPUT TYPE=TEXT name=username>
  <INPUT TYPE=PASSWORD name=password>
  <INPUT TYPE=SUBMIT>
</FORM>
Bad · HTML
http://TARGET/authenticate_login.cgi?username=...&password=...
Informative
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40035 | Unfurl security vulnerability — unfurl | 9.1 | Critical | 2026-04-08 |
| CVE-2026-32662 | Gardyn security vulnerability — Cloud API | 5.3 | Medium | 2026-04-03 |
| CVE-2026-33201 | GREEN HOUSE Digital Photo Frame security vulnerability — Digital Photo Frame GH-WDF10A | 8.4 (AI) | High (AI) | 2026-03-26 |
| CVE-2025-15017 | Moxa NPort 5000 Series security vulnerability — NPort 5000AI-M12 Series | 7.6 | - | 2025-12-31 |
| CVE-2025-42872 | SAP NetWeaver Enterprise Portal security vulnerability — SAP NetWeaver Enterprise Portal | 6.1 | Medium | 2025-12-09 |
| CVE-2025-2486 | Ubuntu EDK2 security vulnerability — edk2 | 6.0 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-64983 | SwitchBot Smart Video Doorbell security vulnerability — Smart Video Doorbell | 9.8 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-54660 | Fortinet FortiClientWindows security vulnerability — FortiClientWindows | 4.9 | Medium | 2025-11-18 |
| CVE-2025-4106 | WatchGuard Fireware OS security vulnerability — Fireware OS | 7.2 | - | 2025-10-24 |
| CVE-2025-21472 | Qualcomm Chipsets security vulnerability — Snapdragon | 5.5 | Medium | 2025-08-06 |
| CVE-2025-7705 | ABB Switch Actuator 4 DU-83330 security vulnerability — Switch Actuator 4 DU-83330 | 6.8 | Medium | 2025-07-22 |
| CVE-2025-1479 | Lenovo Legion Space security vulnerability — Legion Space for Legion Go | 5.3 | Medium | 2025-05-30 |
| CVE-2025-46674 | CryptoLib security vulnerability — CryptoLib | 3.5 | Low | 2025-04-27 |
| CVE-2024-53648 | Siemens SIPROTEC 5 security vulnerability — SIPROTEC 5 6MD84 (CP300) | 6.8 | Medium | 2025-02-11 |
| CVE-2024-9644 | Four-Faith F3x36 security vulnerability — F3x36 | 9.8 | Critical | 2025-02-04 |
| CVE-2024-9643 | Four-Faith F3x36 security vulnerability — F3x36 | 9.8 | Critical | 2025-02-04 |
| CVE-2024-46873 | Sharp SH-05L, SH-52B, SH-54C and HR02 security vulnerability — home 5G HR02 | 9.8 | - | 2024-12-23 |
| CVE-2022-20649 | Cisco Redundancy Configuration Manager for Cisco StarOS security vulnerability — Cisco Redundancy Configuration Manager | 8.1 | High | 2024-11-15 |
| CVE-2024-29075 | SoftBank Mesh Wi-Fi router RP562B security vulnerability — Mesh Wi-Fi router RP562B | 4.6 | Medium | 2024-11-12 |
| CVE-2024-41999 | Smart-tab security vulnerability — Smart-tab Android app | 6.8 | - | 2024-09-30 |
| CVE-2024-7756 | Lenovo ThinkPad security vulnerability — 10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS | 6.8 | Medium | 2024-09-13 |
| CVE-2023-49593 | LevelOne WBR-6013 security vulnerability — WBR-6013 | 7.2 | High | 2024-07-08 |
| CVE-2024-21827 | TP-LINK ER7206 security vulnerability — ER7206 Omada Gigabit VPN Router | 7.2 | High | 2024-06-25 |
| CVE-2024-21785 | AutomationDirect P3-550E security vulnerability — P3-550E | 9.8 | Critical | 2024-05-28 |
| CVE-2024-32047 | Cyber Power Systems PowerPanel Business Edition security vulnerability — PowerPanel business | 9.8 | Critical | 2024-05-15 |
| CVE-2024-30219 | Planex MZK-MF300N security vulnerability — MZK-MF300N | 6.8 | Medium | 2024-04-15 |
| CVE-2024-28008 | NEC Corporation Aterm security vulnerability — WG1800HP4 | 9.8 (AI) | Critical (AI) | 2024-03-28 |
| CVE-2023-4804 | Johnson Controls FRICK Quantum HD Unity System Controller security vulnerability — Quantum HD Unity Compressor | 10.0 | Critical | 2023-11-10 |
| CVE-2023-32645 | Yifan YF325 security vulnerability — YF325 | 9.8 | Critical | 2023-10-11 |
| CVE-2023-34346 | Yifan YF325 buffer error vulnerability — YF325 | 9.8 | Critical | 2023-10-11 |

CWE-489 (Active Debug Code) is a common weakness class; this platform lists 62 CVE vulnerabilities associated with it.