Vulnerabilities > Assaabloy

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-26941 Inadequate Encryption Strength vulnerability in Assaabloy Yale Conexis L1 Firmware 1.1.0
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.
low complexity
assaabloy CWE-326
6.5
2023-12-05 CVE-2023-26942 Inadequate Encryption Strength vulnerability in Assaabloy Yale Ia-210 Firmware 1.0
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original.
low complexity
assaabloy CWE-326
6.5
2023-12-05 CVE-2023-26943 Inadequate Encryption Strength vulnerability in Assaabloy Yale Keyless Smart Lock Firmware 1.0
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.
low complexity
assaabloy CWE-326
6.5
2023-08-17 CVE-2023-4392 Unspecified vulnerability in Assaabloy Control ID Gerencia web 1.30
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic.
network
high complexity
assaabloy
5.3
2023-08-05 CVE-2023-33367 SQL Injection vulnerability in Assaabloy Control ID Idsecure 4.7.26.0
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.
network
low complexity
assaabloy CWE-89
critical
9.8
2023-08-03 CVE-2023-33368 Exposure of Resource to Wrong Sphere vulnerability in Assaabloy Control ID Idsecure 4.7.26.0
Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
network
low complexity
assaabloy CWE-668
6.5
2023-08-03 CVE-2023-33369 Path Traversal vulnerability in Assaabloy Control ID Idsecure 4.7.26.0
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.
network
low complexity
assaabloy CWE-22
critical
9.1
2023-08-03 CVE-2023-33370 Improper Handling of Exceptional Conditions vulnerability in Assaabloy Control ID Idsecure 4.7.26.0
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.
network
low complexity
assaabloy CWE-755
7.5
2023-08-03 CVE-2023-33371 Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure 4.7.26.0
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
network
low complexity
assaabloy CWE-798
critical
9.8
2023-04-14 CVE-2023-2043 Unspecified vulnerability in Assaabloy Control ID Rhid 23.3.19.0
A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0.
network
low complexity
assaabloy
critical
9.8