Filtered by vendor Anviz
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12518 | 1 Anviz | 1 Crosschex | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. | |||||
| CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Anviz access control devices allow remote attackers to issue commands without a password. | |||||
| CVE-2019-12388 | 1 Anviz | 1 Anviz Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. | |||||
| CVE-2019-12390 | 1 Anviz | 1 Anviz Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | |||||
| CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | |||||
| CVE-2019-12391 | 1 Anviz | 1 Management System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Anviz Management System for access control has insufficient logging for device events such as door open requests. | |||||
| CVE-2019-12394 | 1 Anviz | 1 Management System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | |||||
| CVE-2019-12393 | 1 Anviz | 1 Management System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | |||||
| CVE-2019-11523 | 1 Anviz | 2 M3, M3 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address). | |||||