CVE-2019-11523

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).
References
Link Resource
https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc Mitigation Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:anviz:m3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:anviz:m3:-:*:*:*:*:*:*:*

Information

Published : 2019-06-06 13:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-11523

Mitre link : CVE-2019-11523


JSON object : View

CWE
CWE-311

Missing Encryption of Sensitive Data

CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

anviz

  • m3_firmware
  • m3