21 matches found
EUVD-2026-9393
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls. This...
CVE-2021-41847
An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...
EUVD-2022-49124
Malicious code in bioql PyPI...
EUVD-2021-28848
Malicious code in bioql PyPI...
Key safe security, or the lack of it
A few years back we put a key safe into our office. Previously, we had used a very simple locked cabinet to ensure keys were returned, as before that, keys kept being accidentally taken home. There’s no data of significance kept at the office. Everything is hosted elsewhere, but we could do witho...
PT-2024-15174 · Kontrol +2 · Kontrol +3
Name of the Vulnerable Software and Affected Versions: Sciener firmware (affected versions not specified). Description: The issue concerns the unlockKey character in locks using Sciener firmware, which can be compromised through brute force attacks by sending repeated challenge requests. This affect...
CVE-2022-46307
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...
Authorization
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...
CVE-2022-46307 SGUDA U-Lock - Broken Access Control
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...
SGUDA U-Lock Security Vulnerability
SGUDA U-Lock is a smart electronic lock from SGUDA China. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the lock management function of the central locking service. A remote attacker could use this vulnerability to invoke a privileged API to obtain...
PT-2023-14904 · Sguda · Sguda U-Lock
Name of the Vulnerable Software and Affected Versions: SGUDA U-Lock central lock control service (affected versions not specified). Description: The issue is related to incorrect authorization in the lock management function of the SGUDA U-Lock central lock control service. A remote attacker with...
CVE-2022-46307
CVE-2022-46307 affects SGUDA U-Lock central lock control service. The lock management function has incorrect authorization, enabling a remote attacker with general privileges to call privileged APIs to obtain information, manipulate, or disrupt electronic locks. Connected sources corroborate the ...
Information disclosure
An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...
Side-Channel Attack against Electronic Locks
Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring...
Hardware reverse engineering. A tale from the workbench
In line with our previous work on the Tapplock, I decided to have some fun with some electronic locks and ordered a few from a large retail company. Half of these are currently en route to me, on the slow boat from China, but one arrived early. Before I start, let me just say here that I’m not...
Security Vulnerabilities in VingCard Electronic Locks
Researchers have disclosed a massive vulnerability in the VingCard electronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over...
Samsung's SmartThings platform hit by newly disclosed vulnerabilities that can trigger the fire alarm - vulnerability warning - the black bar safety net
Researchers found multiple vulnerabilities in Samsung's SmartThings platform that allow an attacker to break into a victim's home by opening the door. A security research team found multiple security vulnerabilities in the Samsung SmartThings platform, which a network attacker ...