CVE-2014-2938CVE-2014-2938

Affected configuration(s):

cpe:/h:hanon:faceid:f710
cpe:/h:hanon:faceid:f810
cpe:/h:hanon:faceid:fa007
cpe:/h:hanon:faceid:fk800
cpe:/o:hanon:faceid_f710_firmware:1.007.109
cpe:/o:hanon:faceid_f810_firmware:1.007.109
cpe:/o:hanon:faceid_fa007_firmware:1.007.109
cpe:/o:hanon:faceid_fk800_firmware:1.007.109

Date published: 2014-05-22T16:55:06.503-04:00

Date last modified: 2014-07-16T14:54:15.227-04:00

CVSS Score: 8.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.kb.cert.org/vuls/id/767044

Summary: Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.