CVE-2014-5381

CRITICAL

Grand MA 300 Firmware - Insufficiently Protected Credentials via Weak PIN Verification

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5381. PoCs published by Eric Sesterhenn.

AI-analyzed exploit summary: This Perl script brute-forces the PIN of a Grand MA 300 Fingerprint Access device by exploiting weak cryptographic algorithms in the authentication protocol. It sends UDP packets to the device, calculates the expected password for each PIN attempt, and checks the response to determine if the correct PIN was found.

Description

Grand MA 300 allows a brute-force attack on the PIN.

Exploits (1)

Source: exploitdb · Working PoC · Verified
Author: Eric Sesterhenn · Language: Perl · Type: remote · Platform: multiple
https://www.exploit-db.com/exploits/39293

Classification
Working PoC: 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Grand MA 300 Fingerprint Access device (firmware version 6.60)
Authentication: No auth needed
Prerequisites: Network access to the target device on UDP port 4370 · Knowledge of the target device's IP address
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Core References
http://seclists.org/fulldisclosure/2014/Aug/70 (Exploit, Mailing List, Third Party Advisory; x_refsource_misc)
http://www.securityfocus.com/bid/69390 (Third Party Advisory, VDB Entry; x_refsource_misc)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95485 (Third Party Advisory, VDB Entry; x_refsource_misc)

Scores

CVSS v3: 9.8
EPSS: 0.0706
EPSS Percentile: 93.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-522
Status: published
Products (1): granding/grand_ma300_firmware 6.60
Published: Jan 13, 2020
Tracked Since: Feb 18, 2026