CWE-276 缺省权限不正确类漏洞列表 464

CWE-276 缺省权限不正确类弱点 464 条 CVE 漏洞汇总，含 AI 中文分析。

CWE-276 属于权限配置不当类漏洞，指软件在安装过程中将文件权限错误地设置为允许任何用户修改。攻击者通常利用此缺陷，通过篡改关键配置文件或二进制文件植入恶意代码，从而在后续执行中获得未授权访问或提升权限。开发者应避免使用过于宽松的默认权限，遵循最小权限原则，在部署时显式设置严格的访问控制，确保仅授权用户具备读写执行权限，从而从源头消除安全隐患。

MITRE CWE 官方描述

CWE：CWE-276 Incorrect Default Permissions 英文：在安装过程中，已安装文件的权限被设置为允许任何人修改这些文件。

常见影响 (1)

Confidentiality, IntegrityRead Application Data, Modify Application Data

缓解措施 (2)

Architecture and Design, OperationThe architecture needs to access and modification attributes for files to only those users who actually require those actions.

Architecture and DesignCompartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…

CVE ID	标题	CVSS	风险等级	Published
CVE-2018-13287	Synology Router Manager 权限许可和访问控制问题漏洞 — Synology Router Manager (SRM)	6.5	-	2019-04-01
CVE-2018-13286	Synology DiskStation Manager 信息泄露漏洞 — DiskStation Manager (DSM)	4.3	-	2019-04-01
CVE-2018-10605	Martem TELEM GW6/GWM 权限许可和访问控制问题漏洞 — TELEM-GW6/GWM	8.8	-	2018-10-01
CVE-2018-8848	Philips e-Alert 安全漏洞 — e-Alert Unit (non-medical device)	9.8	-	2018-09-26
CVE-2018-11453	Siemens SIMATIC STEP 7和WinCC 安全漏洞 — SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15	8.4	-	2018-08-07
CVE-2018-11454	Siemens SIMATIC STEP 7和WinCC 安全漏洞 — SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15	8.4	-	2018-08-07
CVE-2017-3209	DBPOWER U818A 安全漏洞 — U818A WiFi Quadcopter Drone	8.1	-	2018-07-24
CVE-2017-3210	Portrait Displays SDK 配置错误漏洞 — SDK	7.8	-	2018-07-24
CVE-2018-10604	SEL Compass 安全漏洞 — Compass	7.8	-	2018-07-24
CVE-2018-7533	OSIsoft PI Data Archive 安全漏洞 — OSIsoft PI Data Archive	7.8	-	2018-03-14
CVE-2017-12699	AzeoTech DAQFactory 安全漏洞 — AzeoTech DAQFactory	5.5	-	2017-09-09
CVE-2017-11156	Synology Download Station 安全漏洞 — Synology Download Station	7.8	-	2017-08-14
CVE-2017-7968	Schneider Electric Wonderware InduSoft Web Studio 安全漏洞 — Schneider Electric Wonderware InduSoft Web Studio	7.8	-	2017-05-19
CVE-2013-0266	PackStack puppetlabs-cinder模块密码读取漏洞 — Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	5.5	Medium	2013-03-08

CWE-276（缺省权限不正确）是常见的弱点类别，本平台收录该类弱点关联的 464 条 CVE 漏洞。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CWE-276 缺省权限不正确 类漏洞列表 464

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CWE-276 缺省权限不正确类漏洞列表 464