Vulnerabilities > Assaabloy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-26941 | Inadequate Encryption Strength vulnerability in Assaabloy Yale Conexis L1 Firmware 1.1.0 Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
| 2023-12-05 | CVE-2023-26942 | Inadequate Encryption Strength vulnerability in Assaabloy Yale Ia-210 Firmware 1.0 Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
| 2023-12-05 | CVE-2023-26943 | Inadequate Encryption Strength vulnerability in Assaabloy Yale Keyless Smart Lock Firmware 1.0 Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. | 6.5 |
| 2023-08-17 | CVE-2023-4392 | Cleartext Storage of Sensitive Information vulnerability in Assaabloy Control ID Gerencia web 1.30 A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. | 5.3 |
| 2023-08-05 | CVE-2023-33367 | SQL Injection vulnerability in Assaabloy Control ID Idsecure A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | 9.8 |
| 2023-08-03 | CVE-2023-33368 | Exposure of Resource to Wrong Sphere vulnerability in Assaabloy Control ID Idsecure Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | 6.5 |
| 2023-08-03 | CVE-2023-33369 | Path Traversal vulnerability in Assaabloy Control ID Idsecure A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | 9.1 |
| 2023-08-03 | CVE-2023-33370 | Improper Handling of Exceptional Conditions vulnerability in Assaabloy Control ID Idsecure An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. | 7.5 |
| 2023-08-03 | CVE-2023-33371 | Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | 9.8 |
| 2023-04-14 | CVE-2023-2043 | SQL Injection vulnerability in Assaabloy Control ID Rhid 23.3.19.0 A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. | 9.8 |