Authentication bypass using an alternate path or channel in iDoors Reader - CVE-2019-5964

 

Published: July 1, 2019 / Updated: July 2, 2019


Vulnerability identifier: #VU18948
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5964
CWE-ID: CWE-288
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: A.T.WORKS, Inc.
Affected software:
iDoors Reader

Detailed vulnerability description

The vulnerability allows an attacker to operate the product.

The vulnerability exists due to improper implementation of the authentication process. An attacker on the local network can bypass the authentication process and gain unrestricted access to the management console.

Successful exploitation of the vulnerability may allow an attacker to change the device settings, reset the administrator account, and use the management screen.

How to mitigate CVE-2019-5964

To get an updated version, please contact the vendor at the following email address:

Sources