Vulnerabilities > Hidglobal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |
| 2021-03-24 | CVE-2020-36283 | Cross-Site Request Forgery (CSRF) vulnerability in Hidglobal Omnikey 5127 Firmware and Omnikey 5427 Firmware HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). | 8.8 |
| 2019-07-16 | CVE-2019-13603 | Use of Insufficiently Random Values vulnerability in Hidglobal Digital Persona U.Are.U 4500 Driver Firmware 5.0.0.5 An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. | 5.9 |
| 2019-03-21 | CVE-2018-17492 | Use of Hard-coded Credentials vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo contains default administrative credentials. | 7.8 |
| 2019-03-21 | CVE-2018-17491 | Missing Authorization vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. | 7.8 |
| 2019-03-21 | CVE-2018-17490 | Missing Authorization vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo is vulnerable to a denial of service. | 7.1 |
| 2019-03-21 | CVE-2018-17489 | Cleartext Storage of Sensitive Information vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. | 5.5 |