CVE-2019-18651

A cross-site request forgery CSRF vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions e.g., delete application users by sending a crafted HTML document or encoded URL to a user that the website trusts. The user...

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

EUVD-2019-8370

Malware in sbrugna...

EUVD-2020-4977

Malware in sbrugna...

EUVD-2020-3893

Malware in sbrugna...

EUVD-2021-28848

Malicious code in bioql PyPI...

CVE-2020-11542

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

Information disclosure

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

CVE-2021-41847

The CVE-2021-41847 entry concerns 3xLogic Infinias Access Control up to version 6.7.10708.0. The issue allows users with credentials for a specific zone to issue modified HTTP GET/POST requests to view personal data and Prox card credentials, and to unlock electronic locks of other zones. Additio...

CVE-2021-41847

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

Design/Logic Flaw

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied...

CVE-2020-12681

The CVE-2020-12681 issue affects 3xLogic Infinias eIDC32 devices (through version 3.4.125). Root cause: missing TLS certificate validation, enabling an attacker to intercept or control the channel used to apply door lock policies. Impact, as stated, is the interception/control of policy applicati...

CVE-2020-11542

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

Authentication flaw

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

CVE-2020-11542

The connected documents provide concrete details for CVE-2020-11542 affecting 3xLOGIC Infinias eIDC32 Web version 1.107 with firmware 32 2.213. The root cause is authentication relying on client-side parsing of the MYKEY string, enabling an Authentication Bypass via CMD.HTM?CMD= without requiring...

CVE-2020-11542

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

CVE-2019-18651

A cross-site request forgery CSRF vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions e.g., delete application users by sending a crafted HTML document or encoded URL to a user that the website trusts. The user...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions e.g., delete application users by sending a crafted HTML document or encoded URL to a user that the website trusts. The user...