Vulnerabilities > Assaabloy > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2023-08-05 | CVE-2023-33367 | SQL Injection vulnerability in Assaabloy Control ID Idsecure | network, low complexity, assaabloy CWE-89, critical, 9.8
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.

2023-08-03 | CVE-2023-33369 | Path Traversal vulnerability in Assaabloy Control ID Idsecure | network, low complexity, assaabloy CWE-22, critical, 9.1
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.

2023-08-03 | CVE-2023-33371 | Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure | network, low complexity, assaabloy CWE-798, critical, 9.8
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

2023-04-14 | CVE-2023-2043 | SQL Injection vulnerability in Assaabloy Control ID Rhid 23.3.19.0 | network, low complexity, assaabloy CWE-89, critical, 9.8
A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0.

2020-05-07 | CVE-2020-10176 | Code Injection vulnerability in Assaabloy Yale Wipc-301W Firmware 2.X.2.29/2.X.2.43 | network, low complexity, assaabloy CWE-94, critical, 10.0
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.