Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
References
Link | Resource |
---|---|
https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html | Third Party Advisory |
Configurations
Information
Published : 2019-12-02 09:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-12390
Mitre link : CVE-2019-12390
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
anviz
- anviz_firmware