Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hanon | faceid | f810 |
| hanon | faceid_fa007_firmware | * |
| hanon | faceid_fk800_firmware | * |
| hanon | faceid | fk800 |
| hanon | faceid | fa007 |
| hanon | faceid_f810_firmware | * |
| hanon | faceid | f710 |
| hanon | faceid_f710_firmware | 1.007.109 |