#VU18948 Authentication bypass using an alternate path or channel in iDoors Reader - CVE-2019-5964

 


Published: July 1, 2019 / Updated: July 2, 2019


Vulnerability identifier: #VU18948
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5964
CWE-ID: CWE-288
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
iDoors Reader
Software vendor:
A.T.WORKS, Inc.

Description

The vulnerability allows an attacker to operate the product.

The vulnerability exists due to improper implementation of the authentication process. An attacker on the local network can bypass the authentication process and gain unrestricted access to the management console.

Successful exploitation of the vulnerability may allow an attacker to change the device settings, reset the administrator account, and use the management screen.

Remediation

To get an updated version, please contact the vendor at the following email address:

External links