CVE-2019-11523

Name of the Vulnerable Software and Affected Versions Anviz Global M3 Outdoor RFID Access Control (affected versions not specified)

Description The issue allows attackers to execute any command on the device without authentication or encryption. This enables full interaction with the device, including sending commands like "open door", downloading the users list which contains RFID codes and passcodes in cleartext, or updating/creating users. The attack can be performed both on a local network and over the internet if the device is exposed to a public IP address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.