CVE-2019-25241

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...

FaceSentry Access Control System 6.4.8 Cleartext Password Storage

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...