Anviz: Security Vulnerabilities
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-12-02
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
CVSS Score
9.8
EPSS Score
0.748
Published
2019-12-02
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-02
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-12-02
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-12-02
The Anviz Management System for access control has insufficient logging for device events such as door open requests.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-02
Anviz access control devices allow remote attackers to issue commands without a password.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-12-02
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-02
Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address).
CVSS Score
9.8
EPSS Score
0.025
Published
2019-06-06