Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.11 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

9CVSS8.1AI score0.05242EPSS
Exploits2
OSV
OSV
added 2021/05/04 4:15 p.m.5 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

8.8CVSS6AI score0.05242EPSS
Exploits2References2
CVE
CVE
added 2021/05/04 3:21 p.m.64 views

CVE-2020-21999

CVE-2020-21999 affects iWT FaceSentry Access Control System (Firmware 6.4.8, 5.7.x) where an authenticated OS command injection is possible via the strInIP POST parameter in pingTest.php. The vulnerability uses default credentials and executes sudo ping with user-supplied input, enabling arbitrar...

9CVSS9AI score0.05242EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/05/04 3:21 p.m.21 views

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

9.1AI score0.05242EPSS
Exploits2References2
Rows per page
Query Builder