72 matches found

Vulnrichment
added 2024/04/14 11:48 p.m., 7 views

CVE-2024-29840 Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user...

CVSS 7.5 | AI score 7.1 | EPSS 0.00167
Exploits 0 | References 1

CVE
added 2024/04/14 11:48 p.m., 46 views

CVE-2024-29840

Affected: Evolution Controller Web interface (versions ≤ 2.04.560.31.03.2024). Vulnerability: poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS. Impact: unauthenticated attacker can retrieve PIN value of any user. No remediation details are provided in the supplied documents.

CVSS 7.5 | AI score 7 | EPSS 0.00167
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/04/14 11:48 p.m., 7 views

CVE-2024-29840 Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user...

CVSS 7.5 | AI score 7.8 | EPSS 0.00167
Exploits 0 | References 1

CVE
added 2024/04/14 11:48 p.m., 42 views

CVE-2024-29839

The CVE-2024-29839 entry concerns Evolution Controller Web UI prior to a certain version. Affected: Evolution Controller Versions 2.04.560.31.03.2024 and earlier. Root cause: poorly configured access control on the DESKTOP_EDIT_USER_GET_CARD endpoint. Impact: unauthenticated attackers can retriev...

CVSS 7.5 | AI score 7 | EPSS 0.00167
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/04/14 11:48 p.m., 5 views

CVE-2024-29839 Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values.

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...

CVSS 7.5 | AI score 7.8 | EPSS 0.00167
Exploits 0 | References 1

Vulnrichment
added 2024/04/14 11:48 p.m., 10 views

CVE-2024-29839 Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values.

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...

CVSS 7.5 | AI score 7.1 | EPSS 0.00167
Exploits 0 | References 1

Cvelist
added 2024/04/14 11:47 p.m., 11 views

CVE-2024-29838 Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software...

CVSS 7.5 | AI score 7.8 | EPSS 0.00168
Exploits 0 | References 1

Vulnrichment
added 2024/04/14 11:47 p.m., 14 views

CVE-2024-29838 Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software...

CVSS 7.5 | AI score 7 | EPSS 0.00168
Exploits 0 | References 1

CVE
added 2024/04/14 11:47 p.m., 46 views

CVE-2024-29838

Technical details about CVE-2024-29838 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVSS 7.5 | AI score 7 | EPSS 0.00168
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2024/04/14 11:47 p.m., 12 views

CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS 8.8 | AI score 7.1 | EPSS 0.00199
Exploits 0 | References 1

CVE
added 2024/04/14 11:47 p.m., 46 views

CVE-2024-29837

In Evolution Controller, the Web interface vulnerability CVE-2024-29837 affects Versions 2.04.560.31.03.2024 and earlier. The root cause is poor session management, enabling an unauthenticated attacker to access administrator functionality if any other user is already signed in. This is evidenced...

CVSS 8.8 | AI score 7 | EPSS 0.00199
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/04/14 11:47 p.m., 14 views

CVE-2024-29837 Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

CVSS 8.8 | AI score 9 | EPSS 0.00199
Exploits 0 | References 1

CVE
added 2024/04/14 11:47 p.m., 46 views

CVE-2024-29836

CVE-2024-29836 affects the Evolution Controller Web interface, version 2.04.560.31.03.2024 and earlier. The vulnerability is due to poorly configured access control in the web interface, enabling an unauthenticated attacker to update and add user profiles and thereby gain full access to the site...

CVSS 9.8 | AI score 7.1 | EPSS 0.00227
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2024/04/14 11:47 p.m., 10 views

CVE-2024-29836 Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site...

CVSS 9.8 | AI score 9.7 | EPSS 0.00227
Exploits 0 | References 1

Cvelist
added 2024/04/14 11:47 p.m., 11 views

CVE-2024-29836 Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site...

CVSS 9.8 | AI score 9.8 | EPSS 0.00227
Exploits 0 | References 1

CNNVD
added 2024/04/14 12:0 a.m., 2 views

DirectCyber Evolution Controller Security Vulnerability

DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from an...

CVSS 7.5 | AI score 6.6 | EPSS 0.00167
Exploits 0 | References 2

Positive Technologies
added 2024/04/14 12:0 a.m., 2 views

PT-2024-23074

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below. Description: The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...

CVSS 9.8 | AI score 6.6 | EPSS 0.00227
Exploits 0 | References 5

CNNVD
added 2024/04/14 12:0 a.m., 2 views

DirectCyber Evolution Controller Security Vulnerability

DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from...

CVSS 8.8 | AI score 6.5 | EPSS 0.00199
Exploits 0 | References 2

Positive Technologies
added 2024/04/14 12:0 a.m., 1 views

PT-2024-23073

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below. Description: The Web interface of Evolution Controller contains poorly configured access control, allowing an unauthenticated attacker to update and add user profiles within the...

CVSS 9.8 | AI score 6.6 | EPSS 0.00227
Exploits 0 | References 19

Positive Technologies
added 2024/04/14 12:0 a.m., 1 views

PT-2024-23079

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below. Description: The issue concerns poorly configured access control on DESKTOP EDIT USER GET KEYS FIELDS in the Web interface, allowing an unauthenticated attacker to return the keys valu...

CVSS 9.8 | AI score 6.5 | EPSS 0.00227
Exploits 0 | References 4