PT-2019-12782 · Anviz · Anviz Access Control Devices

Published

2019-12-02

Updated

2019-12-12

CVE-2019-12394

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Anviz access control devices (affected versions not specified)

Description The issue allows remote attackers to change the administrator password without prior authentication, due to the lack of verification for password changes. This enables unauthorized access to the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-12394

Affected Products

Anviz Access Control Devices

PT-2019-12782 · Anviz · Anviz Access Control Devices

CVE-2019-12394

Weakness Enumeration

Related Identifiers

Affected Products

References · 3