CVE-2014-2938

Hanvon FaceID < 1.007.110 - Unauthenticated API Command Execution

Title source: llm
STIX 2.1

Description

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/767044

Scores

EPSS 0.0160
EPSS Percentile 72.8%

Details

CWE
CWE-287
Status published
Products (8)
hanon/faceid f810
hanon/faceid f710
hanon/faceid fk800
hanon/faceid fa007
hanon/faceid_f710_firmware 1.007.109
hanon/faceid_f810_firmware < 1.007.109
hanon/faceid_fa007_firmware < 1.007.109
hanon/faceid_fk800_firmware < 1.007.109
Published May 22, 2014
Tracked Since Feb 18, 2026