18 matches found
EUVD-2021-34733
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass...
PT-2025-50236
Name of the Vulnerable Software and Affected Versions COMMAX Biometric Access Control System version 1.0.0 Description The COMMAX Biometric Access Control System is affected by an authentication bypass. An unauthenticated attacker can exploit this to access sensitive information and bypass physic...
The Pros and Cons of Smart Homes
By Owais Sultan The world is more connected than ever before, and the rise of the smart home is just one… This is a post from HackRead.com Read the original post: The Pros and Cons of Smart Homes...
CVE-2021-41292
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...
Authentication flaw
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...
CVE-2021-41292
CVE-2021-41292 affects ECOA Building Automation System components (e.g., ECOA ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RB 3.0.0, TRANE 1.0, and related ECOA software). Root cause is an authentication bypass via cookie poisoning, enabling an unauthenticated attacker to bypas...
CVE-2021-41292 ECOA BAS controller - Broken Authentication
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Vulnerability
Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected...
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page:...
Warning Issued Over Hackable ADT's LifeShield Home Security Cameras
Newly discovered security vulnerabilities in ADT's Blue formerly LifeShield home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities tracked as CVE-2020-8101 were identified in the video doorbell camera by Bitdefender researchers in February 2020...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
Exploit Title: Fifthplay S.A.M.I 2019.2HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service And Management Interface Unauthenticated...
Serious Security Flaws Found in Children's Connected Toys
Various connected toys for children – hot off the shelves from this holiday shopping season – have been found with deep-rooted security issues, including missing authentication for device pairing and a lack of encryption for connected online accounts. The research, formed by a partnership between...
RSA Conference 2019: The Expanding Automation Platform Attack Surface
SAN FRANCISCO – Automation platforms are increasingly being used to chain multiple IoT devices together to create user-friendly smart applications – but that’s also creating unpredictable attack surfaces that can be hard to manage. A Trend Micro report released at RSA Conference 2019 warns that...
AWS FreeRTOS Bugs Allow Compromise of IoT Devices
Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...
Open MQTT Servers Raise Physical Threats in Smart Homes
Tens of thousands of consumer-grade Internet of Things IoT servers have been found wide-open on the internet, allowing cybercriminals to potentially compromise homeowners’ physical security. Bad actors can gain complete access to smart-home footprints to track owners’ movements, see if smart door...
Hey, Poker Face — This Wi-Fi Router Can Read Your Emotions
Are you good at hiding your feelings? No issues, your Wi-Fi router may soon be able to tell how you feel, even if you have a good poker face. A team of researchers at MIT's Computer Science and Artificial Intelligence Laboratory CSAIL have developed a device that can measure human inner emotional...
Home Automation Protocol Z-Way Vulnerable to Remote Attacks
A researcher is warning users of the extensible Z-Way controller project that a weakness built into the software could inherently expose it to attacks. Z-Way is the controller and abstraction layer of software that handles Z-Wave, a standard for wireless communication between devices in smart...