Filtered by vendor Assaabloy
Total: 13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-2044 | 1 Assaabloy | 1 Control Id Idsecure | 2024-05-17 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross-site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-2043 | 1 Assaabloy | 1 Control Id Rhid | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2020-23826 | 1 Assaabloy | 2 Yale Wipc-303w, Yale Wipc-303w Firmware | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176. | |||||
CVE-2023-26941 | 1 Assaabloy | 2 Yale Conexis L1, Yale Conexis L1 Firmware | 2024-02-05 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID tags in Yale Conexis L1 v1.1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-26942 | 1 Assaabloy | 2 Yale Ia-210, Yale Ia-210 Firmware | 2024-02-05 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID tags in Yale IA-210 Alarm v1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-26943 | 1 Assaabloy | 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware | 2024-02-05 | N/A | 6.5 MEDIUM |
Weak encryption mechanisms in RFID tags in Yale Keyless Lock v1.0 allow attackers to create a cloned tag via physical proximity to the original. | |||||
CVE-2023-33371 | 1 Assaabloy | 1 Control Id Idsecure | 2024-02-05 | N/A | 9.8 CRITICAL |
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | |||||
CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-02-05 | N/A | 6.5 MEDIUM |
Some API routes exist in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | |||||
CVE-2023-33367 | 1 Assaabloy | 1 Control Id Idsecure | 2024-02-05 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | |||||
CVE-2023-33369 | 1 Assaabloy | 1 Control Id Idsecure | 2024-02-05 | N/A | 9.1 CRITICAL |
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on the IDSecure filesystem, causing a denial of service. | |||||
CVE-2023-33370 | 1 Assaabloy | 1 Control Id Idsecure | 2024-02-05 | N/A | 7.5 HIGH |
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. | |||||
CVE-2020-10176 | 1 Assaabloy | 2 Yale Wipc-301w, Yale Wipc-301w Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. | |||||
CVE-2019-13604 | 1 Assaabloy | 2 Hid Digitalpersona 4500, Hid Digitalpersona 4500 Firmware | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak. |