CVE-2020-21999

CVE-2020-21999 affects iWT FaceSentry Access Control System (Firmware 6.4.8, 5.7.x) where an authenticated OS command injection is possible via the strInIP POST parameter in pingTest.php. The vulnerability uses default credentials and executes sudo ping with user-supplied input, enabling arbitrar...

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

iWT FaceSentry Access Control System 操作系统命令注入漏洞

iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows injection of authenticated OS commands using default credentials...

FaceSentry Access Control System 6.4.8 - Remote SSH Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7....

FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 buil...

FaceSentry Access Control System 6.4.8 Remote Command Injection

FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a revolutionar...

FaceSentry Access Control System 6.4.8 Cross Site Request Forgery

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 Cleartext Password Storage

FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting

FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure

FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN...

FaceSentry Access Control System 6.4.8 Remote SSH Root Access

!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorith...

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...

FaceSentry Access Control System 6.4.8 - Remote Command Injection

FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14...

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 - Remote Command Injection

FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a revolutionar...

FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...