
CVSS: 10.0 • EPSS: 2% • CPEs: 28 • EXPL: 0

06 Jun 2022 — An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboar... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-693: Protection Mechanism Failure

CVSS: 9.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

24 Mar 2021 — HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198443 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 3

16 Jul 2019 — An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It uses a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of the image. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image. • https://github.com/sungjungk/fp-scanner-hacking • CWE-330: Use of Insufficiently Random Values

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2019 — EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. • https://exchange.xforce.ibmcloud.com/vulnerabilities/149652 • CWE-798: Use of Hard-coded Credentials

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2019 — EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer. • https://exchange.xforce.ibmcloud.com/vulnerabilities/149651 • CWE-862: Missing Authorization

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2019 — EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. • https://exchange.xforce.ibmcloud.com/vulnerabilities/149650 • CWE-862: Missing Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2019 — EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. • https://exchange.xforce.ibmcloud.com/vulnerabilities/149649 • CWE-312: Cleartext Storage of Sensitive Information