Iwt Facesentry Access Control System Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Iwt Facesentry Access Control System Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2019-25241 — CVSS 9.8 (critical): FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser…
CVE-2020-21999 — CVSS 8.8 (high): iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials…
CVE-2019-25243 — CVSS 8.8 (high): FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers…
CVE-2019-25279 — CVSS 7.5 (high): FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted…
CVE-2019-25277 — CVSS 6.1 (medium): FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that…
CVE-2019-25278 — CVSS 5.9 (medium): FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept…
CVE-2019-25242 — CVSS 4.3 (medium): FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative…