Vulnerabilities > Anviz
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-02 | CVE-2019-12518 | Classic Buffer Overflow vulnerability in Anviz Crosschex 4.3.12/4.3.8.0 Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. | 9.8 |
| 2019-12-02 | CVE-2019-12394 | Improper Authentication vulnerability in Anviz Management System Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | 9.8 |
| 2019-12-02 | CVE-2019-12393 | Authentication Bypass by Capture-replay vulnerability in Anviz Management System Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | 7.5 |
| 2019-12-02 | CVE-2019-12392 | Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices allow remote attackers to issue commands without a password. | 9.8 |
| 2019-12-02 | CVE-2019-12391 | Unspecified vulnerability in Anviz Management System The Anviz Management System for access control has insufficient logging for device events such as door open requests. | 7.5 |
| 2019-12-02 | CVE-2019-12390 | Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. | 5.3 |
| 2019-12-02 | CVE-2019-12389 | Missing Authentication for Critical Function vulnerability in Anviz Firmware Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. | 7.5 |
| 2019-12-02 | CVE-2019-12388 | Cleartext Transmission of Sensitive Information vulnerability in Anviz Firmware Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. | 7.5 |
| 2019-06-06 | CVE-2019-11523 | Missing Encryption of Sensitive Data vulnerability in Anviz M3 Firmware Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. | 9.8 |