Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.129
EPSS Ranking 93.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2020-21999


Contact Us

Shodan ® - All rights reserved