PT-2021-9465 · 3Xlogic · 3Xlogic Infinias Eidc32

Published: 2021-07-26 · Updated: 2021-08-05 · CVE-2020-12681

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: 3xLogic Infinias eIDC32 devices through 3.4.125

Description: The issue is related to missing TLS certificate validation, which allows an attacker to intercept or control the channel used for applying door lock policies.

Recommendations: For versions through 3.4.125, consider disabling TLS connections until a patch is available, and restrict access to the door lock policy application channel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2020-12681

Affected Products

3Xlogic Infinias Eidc32