Published: 06/06/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).

Vulnerable Product	Search on Vulmon	Subscribe to Product
anviz m3_firmware -

Full Disclosure mailing list archives   By Date By Thread </form>    Anviz M3 RFID Access Control security issues   From: Marco <se ...

Anviz M3 RFID CVE-2019-11523 PoC

Anviz M3 RFID Access Control security issues Security issues have been found in the Anviz M3 RFID Access Control device when working in standalone mode connected to a TCP/IP network, that could lead to access control bypass and private informations leakage and alteration Advisory information TITLE: Anviz M3 RFID Access Control security issues ADVISORY URL: githubcom/w

CWE-306 CWE-311 https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc https://nvd.nist.gov https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc http://seclists.org/fulldisclosure/2019/May/51

CVE-2019-11523

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect