Mike Kelly

**Name of the Vulnerable Software and Affected Versions** AMAG Symmetry Door Edge Network Controllers versions 03.60 AMAG Symmetry Door Edge Network Controllers versions 01.00 **Description** The issue allows remote attackers to execute door controller commands, such as lock, unlock, or add ID card value, by sending unauthenticated requests to the affected devices via Serial over TCP/IP. This can be demonstrated by sending a Ud command. **Recommendations** For AMAG Symmetry Door Edge Network Controllers version 03.60, update the device to a version that includes proper access control to prevent unauthenticated requests. For AMAG Symmetry Door Edge Network Controllers version 01.00, restrict access to the Serial over TCP/IP interface until a patch is available that addresses the incorrect access control issue.