PT-2019-12782 · Anviz · Anviz Access Control Devices

Publicado

2019-12-02

Atualizado

2019-12-12

CVE-2019-12394

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Anviz access control devices (affected versions not specified)

Description The issue allows remote attackers to change the administrator password without prior authentication, due to the lack of verification for password changes. This enables unauthorized access to the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2019-12394

Produtos afetados

Anviz Access Control Devices

PT-2019-12782 · Anviz · Anviz Access Control Devices

CVE-2019-12394

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3