CVE-2019-25241

Critical CVSS: 9.8

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Vendor

Iwt

Product

Facesentry Access Control System Firmware

CWE

CWE-798

Yayın Tarihi

2025-12-24 20:15:51

Güncelleme

2025-12-31 14:15:50

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-798 Facesentry Access Control System Firmware CRITICAL Iwt 2025

Referanslar

http://www.iwt.com.hk https://www.exploit-db.com/exploits/47067 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.php

Benzer Kayıtlar

Medium

CVE-2019-25279

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to acce…

Medium

CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginIns…

Critical

CVE-2019-25278

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to i…

Medium

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perf…

High

CVE-2019-25243

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php sc…