Search
Search Results (10 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25135 | 1 Anviz | 1 Crosschex | 2025-12-29 | 9.8 Critical |
| Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data. | ||||
| CVE-2019-12518 | 1 Anviz | 1 Crosschex | 2024-11-21 | 9.8 Critical |
| Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. | ||||
| CVE-2019-12394 | 1 Anviz | 1 Management System | 2024-11-21 | 9.8 Critical |
| Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | ||||
| CVE-2019-12393 | 1 Anviz | 1 Management System | 2024-11-21 | 7.5 High |
| Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | ||||
| CVE-2019-12392 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 9.8 Critical |
| Anviz access control devices allow remote attackers to issue commands without a password. | ||||
| CVE-2019-12391 | 1 Anviz | 1 Management System | 2024-11-21 | 7.5 High |
| The Anviz Management System for access control has insufficient logging for device events such as door open requests. | ||||
| CVE-2019-12390 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 5.3 Medium |
| Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12389 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 7.5 High |
| Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | ||||
| CVE-2019-12388 | 1 Anviz | 1 Anviz Firmware | 2024-11-21 | 7.5 High |
| Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. | ||||
| CVE-2019-11523 | 1 Anviz | 2 M3, M3 Firmware | 2024-11-21 | N/A |
| Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address). | ||||
Page 1 of 1.