CVE-2017-16241

Exploit

EPSS 0.27%
Published 10.12.2017 01:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Amag ≫ En-1dbc Firmware Version03.60

Amag ≫ En-1dbc Version-

Amag ≫ Std Firmware Version03.60

Amag ≫ Std Version-

Amag ≫ En-2dbc Firmware Version03.60

Amag ≫ En-2dbc Version-

Amag ≫ Std Firmware Version01.00

Amag ≫ Std Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.477

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/lixmk/Concierge

Exploit

https://hushcon.com/schedule.html

Not Applicable

https://www.secureworks.com/research/advisory-2017-001

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16241

EUVD