Vulnerabilities > Hidglobal > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-22388 | Unspecified vulnerability in Hidglobal products Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. | 7.8 |
| 2023-06-07 | CVE-2023-2904 | Unspecified vulnerability in Hidglobal Safe 5.11.3/5.8.0 The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). | 7.3 |
| 2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 7.5 |
| 2022-06-06 | CVE-2022-31482 | Classic Buffer Overflow vulnerability in multiple products An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. | 7.5 |
| 2022-06-06 | CVE-2022-31483 | Path Traversal vulnerability in multiple products An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. | 8.8 |
| 2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 7.5 |
| 2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |
| 2021-03-24 | CVE-2020-36283 | Cross-Site Request Forgery (CSRF) vulnerability in Hidglobal Omnikey 5127 Firmware and Omnikey 5427 Firmware HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). | 8.8 |
| 2019-03-21 | CVE-2018-17492 | Use of Hard-coded Credentials vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo contains default administrative credentials. | 7.8 |
| 2019-03-21 | CVE-2018-17491 | Missing Authorization vulnerability in Hidglobal Easylobby Solo 11.0.4563 EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. | 7.8 |