Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
assaabloy vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-10176
ASSA ABLOY Yale WIPC-301W 2.x.2.29 up to and including 2.x.2.43_p1 devices allow Eval Injection of commands.
Assaabloy Yale Wipc-301w Firmware 2.x.2.43
Assaabloy Yale Wipc-301w Firmware
6.5
CVSSv2
CVE-2020-23826
The Yale WIPC-303W 2.21 up to and including 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176
Assaabloy Yale Wipc-303w Firmware
NA
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows malicious users to create a cloned tag via physical proximity to the original.
Assaabloy Yale Keyless Smart Lock Firmware 1.0
4.3
CVSSv2
CVE-2019-13604
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an malicious user to recover the key and decrypt that image u...
Assaabloy Hid Digitalpersona 4500 Firmware 24
1 Github repository
NA
CVE-2023-26941
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows malicious users to create a cloned tag via physical proximity to the original.
Assaabloy Yale Conexis L1 Firmware 1.1.0
NA
CVE-2023-26942
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows malicious users to create a cloned tag via physical proximity to the original.
Assaabloy Yale Ia-210 Firmware 1.0
NA
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing malicious users to cause the main web server of IDSecure to fault and crash, causing a denial of service.
Assaabloy Control Id Idsecure
NA
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing malicious users to sign arbitrary session tokens and bypass authentication.
Assaabloy Control Id Idsecure
NA
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated malicious users to write PHP files on the server's root directory, resulting in remote code execution.
Assaabloy Control Id Idsecure
NA
CVE-2023-33368
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
Assaabloy Control Id Idsecure
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »