CWE-912 - Hidden Functionality (Backdoor)

Description

The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application. The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-912

Denial of service in Siemens SENTRON 3KC ATC6 Ethernet Module 2024-03-13
Medium No

Multiple vulnerabilities in CBC digital video recorders 2023-08-25
Medium Yes

Multiple vulnerabilities in KbDevice digital video recorders 2023-06-06
Medium Yes

Multiple vulnerabilities in Snap One OvrC Pro 2023-05-19
High Yes

Hidden functionality in NETGEAR Orbi WiFi Systems 2023-03-24
Low Yes

Multiple vulnerabilities in Akuvox E11 2023-03-13
High No

Multiple vulnerabilities in PIXELA PIX-RT100 2023-01-12
Medium Yes

Multiple vulnerabilities in Buffalo network devices 2022-12-09
Medium Yes

Multiple vulnerabilities in UNIMO Technology digital video recorders 2022-12-02
Medium Yes

References

Description of CWE-912 on Mitre website