23 matches found
CVE-2021-47706
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass...
EUVD-2021-34733
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass...
CVE-2021-47706
The CVE-2021-47706 entry concerns COMMAX Biometric Access Control System 1.0.0, where an authentication bypass arises from cookie poisoning. The root cause is forged cookies that bypass authentication, enabling unauthenticated access to sensitive information and circumvention of physical controls...
EUVD-2025-22080
Malicious code in bioql PyPI...
Critical Vulnerabilities Exposing Chinese Biometric Readers to Unauthorized Access
Is your fingerprint scanner safe? New research reveals 24 vulnerabilities in ZKTeco biometric access systems. This exposes critical facilities and businesses to a range of security risks. Learn how to protect yourself from unauthorized access, data theft, and system manipulation...
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake ...
COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS Vendor: COMMAX Co., Ltd. Product web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application is vulnerable to an unauthenticated reflected cross-site scripting XSS...
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Product web page:...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Product web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Summary Biometric access control system. Description The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings...
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
Exploit Title: SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com...
SOYAL Biometric Access Control System 5.0 - (Change Admin Password) CSRF Vulnerability
Exploit Title: SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version:...
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The web control panel uses a weak set of default administrative credentials no...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1....
Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
Exploit for cgi platform in category web applications Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3....
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution
Summary The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if there is an interruption ...
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9...
iGuard Biometric Access Control - Multiple Vulnerabilities
Title: iGuard Biometric Access Control - Multiple Vulnerabilities Date: 2011-11-08 References: 2011/Q3-4 URL: http://vulnerability-lab.com/getcontent.php?id=104 VL-ID: 104 Introduction: Each iGuard Biometric / Smart Card Security Appliance has a built-...