CWE-489 (Leftover Debug Code) — Vulnerability Class 62

62 vulnerabilities classified as CWE-489 (Leftover Debug Code). AI Chinese analysis included.

CWE-489 represents a critical code quality weakness where software is deployed with active debugging mechanisms still enabled. This flaw typically arises when developers fail to strip diagnostic code before release, leaving behind verbose logging, interactive shells, or memory inspection tools. Attackers exploit these remnants to gain unauthorized access, bypass authentication controls, or extract sensitive data by triggering debug endpoints that were never intended for production environments. To mitigate this risk, developers must enforce strict build configurations that automatically disable all debugging features in release modes. Implementing automated code analysis tools during the continuous integration pipeline helps detect lingering debug statements, while rigorous code reviews ensure that no diagnostic logic persists in the final binary. Ultimately, treating debug code as a security liability rather than a convenience is essential for maintaining application integrity and preventing unintended exposure of internal system states.

MITRE CWE Description
The product is released with debugging code still enabled or active.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control, Other
Impact: Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At wor…
Mitigations (1)
Phases: Build and Compilation, Distribution
Remove debug code before deploying the application.
Examples (1)
Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called "debug", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass …
Bad · HTML:
    <FORM ACTION="/authenticate_login.cgi">
      <INPUT TYPE=TEXT name=username>
      <INPUT TYPE=PASSWORD name=password>
      <INPUT TYPE=SUBMIT>
    </FORM>
Informative:
    http://TARGET/authenticate_login.cgi?username=...&password=...
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40035 | Unfurl - Werkzeug Debugger Exposure via String Config Parsing — unfurl | 9.1 | Critical | 2026-04-08 |
| CVE-2026-32662 | Gardyn Cloud API Active Debug Code — Cloud API | 5.3 | Medium | 2026-04-03 |
| CVE-2026-33201 | GREEN HOUSE Digital Photo Frame security vulnerability — Digital Photo Frame GH-WDF10A | 8.4 (AI) | High (AI) | 2026-03-26 |
| CVE-2025-15017 | Moxa NPort 5000 Series security vulnerability — NPort 5000AI-M12 Series | 7.6 | - | 2025-12-31 |
| CVE-2025-42872 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal — SAP NetWeaver Enterprise Portal | 6.1 | Medium | 2025-12-09 |
| CVE-2025-2486 | UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu — edk2 | 6.0 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-64983 | SwitchBot Smart Video Doorbell security vulnerability — Smart Video Doorbell | 9.8 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-54660 | Fortinet FortiClientWindows security vulnerability — FortiClientWindows | 4.9 | Medium | 2025-11-18 |
| CVE-2025-4106 | WatchGuard Firebox leftover debug code vulnerability — Fireware OS | 7.2 | - | 2025-10-24 |
| CVE-2025-21472 | Leftover Debug Code in Secure Element — Snapdragon | 5.5 | Medium | 2025-08-06 |
| CVE-2025-7705 | Authentication bypass due to compatibility mode enabled by default — Switch Actuator 4 DU-83330 | 6.8 | Medium | 2025-07-22 |
| CVE-2025-1479 | Lenovo Legion Space security vulnerability — Legion Space for Legion Go | 5.3 | Medium | 2025-05-30 |
| CVE-2025-46674 | CryptoLib security vulnerability — CryptoLib | 3.5 | Low | 2025-04-27 |
| CVE-2024-53648 | Siemens SIPROTEC 5 security vulnerability — SIPROTEC 5 6MD84 (CP300) | 6.8 | Medium | 2025-02-11 |
| CVE-2024-9644 | Four-Faith F3x36 bapply.cgi Auth Bypass — F3x36 | 9.8 | Critical | 2025-02-04 |
| CVE-2024-9643 | Four-Faith F3x36 Hidden Debug Credentials — F3x36 | 9.8 | Critical | 2025-02-04 |
| CVE-2024-46873 | Sharp SH-05L, SH-52B, SH-54C and HR02 security vulnerability — home 5G HR02 | 9.8 | - | 2024-12-23 |
| CVE-2022-20649 | Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability — Cisco Redundancy Configuration Manager | 8.1 | High | 2024-11-15 |
| CVE-2024-29075 | SoftBank Mesh Wi-Fi router RP562B security vulnerability — Mesh Wi-Fi router RP562B | 4.6 | Medium | 2024-11-12 |
| CVE-2024-41999 | Smart-tab security vulnerability — Smart-tab Android app | 6.8 | - | 2024-09-30 |
| CVE-2024-7756 | Lenovo ThinkPad security vulnerability — 10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS | 6.8 | Medium | 2024-09-13 |
| CVE-2023-49593 | LevelOne WBR-6013 security vulnerability — WBR-6013 | 7.2 | High | 2024-07-08 |
| CVE-2024-21827 | TP-LINK ER7206 security vulnerability — ER7206 Omada Gigabit VPN Router | 7.2 | High | 2024-06-25 |
| CVE-2024-21785 | AutomationDirect P3-550E security vulnerability — P3-550E | 9.8 | Critical | 2024-05-28 |
| CVE-2024-32047 | CyberPower PowerPanel business Active Debug Code — PowerPanel business | 9.8 | Critical | 2024-05-15 |
| CVE-2024-30219 | Planex MZK-MF300N security vulnerability — MZK-MF300N | 6.8 | Medium | 2024-04-15 |
| CVE-2024-28008 | NEC Corporation Aterm security vulnerability — WG1800HP4 | 9.8 (AI) | Critical (AI) | 2024-03-28 |
| CVE-2023-4804 | Quantum HD Unity — Quantum HD Unity Compressor | 10.0 | Critical | 2023-11-10 |
| CVE-2023-32645 | Yifan YF325 security vulnerability — YF325 | 9.8 | Critical | 2023-10-11 |
| CVE-2023-34346 | Yifan YF325 buffer error vulnerability — YF325 | 9.8 | Critical | 2023-10-11 |

Vulnerabilities classified as CWE-489 (Leftover Debug Code) represent 62 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.