CVE-2025-31512

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the followin...

Alert Enterprise Guardian 安全漏洞

Alert Enterprise Guardian is a physical identity and access management system open-sourced by Alert Enterprise in the United States. A security vulnerability exists in Alert Enterprise Guardian version 4.1.14.2.2.1 that originates from bypassing manager approval via isAddedByApprover in the...

Alert Enterprise Guardian 安全漏洞

Alert Enterprise Guardian is a physical identity and access management system open-sourced by Alert Enterprise in the United States. A security vulnerability exists in Alert Enterprise Guardian version 4.1.14.2.2.1 that originates from bypassing manager approval by modifying the user ID in the...

Alert Enterprise Guardian 安全漏洞

Alert Enterprise Guardian is a physical identity and access management system open-sourced by Alert Enterprise in the United States. A security vulnerability exists in Alert Enterprise Guardian version 4.1.14.2.2.1, which originates from elevation to administrator privileges via the IsAdminApprov...

CVE-2025-31511

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than one of the...

PT-2025-30453 · Alertenterprise · Alertenterprise Guardian

Name of the Vulnerable Software and Affected Versions: AlertEnterprise Guardian version 4.1.14.2.2.1 Description: An issue allows for privilege escalation to administrator privileges via manipulation of the IsAdminApprover parameter within a Request Building Access request submitted through the...

Default credentials

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

Hackers exploiting vulnerability in smart doors to launch DDoS attacks

By Waqas Smart door and building access control systems are currently the top targets of hackers to launch DDoS attacks distributed denial-of-service attacks. This is a post from HackRead.com Read the original post: Hackers exploiting vulnerability in smart doors to launch DDoS attacks...

DHS Not Addressing Cyber Threats to Building Access Systems

Civil watchdogs at the Government Accountability Office are warning the Department of Homeland Security and the Government Services Agency about unaddressed risks posed to building access control systems at federal facilities. The systems in question are those that prevent unauthorized access to...

German Researchers Break RFID Smartcard Encryption

German Researchers Break RFID Smartcard Encryption Scientists have found a way to circumvent the encryption used to protect a smartcard used to restrict access to buildings and to process public transit system payments. A team of German scientists have demonstrated a hack that lets them make a...