Unauthorized Password Change Vulnerability in Anviz Access Control Devices
CVE-2019-12394

9.8CRITICAL

Key Information:

Vendor: Anviz
Status: Management System
Vendor: CVE Published:; 2 December 2019

What is CVE-2019-12394?

Anviz access control devices have a security flaw that permits attackers to change the administrator password without any prior authentication. This vulnerability enables unauthorized individuals to gain control over the device settings, potentially leading to further exploitation of the system and compromise of sensitive data. As the change occurs without proper verification, it poses a significant risk to the integrity and security of access control environments.

References

https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-p...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2019
Vulnerability Reserved
May 28, 2019

CVE-2019-12394 Data

JSON