CVE-2017-16241

HIGH

AMAG Symmetry Door Edge Network Controllers - RCE

Title source: llm

Description

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

References (3)

Core 3

Core References

Not Applicable x_refsource_misc

https://hushcon.com/schedule.html

Third Party Advisory x_refsource_misc

https://www.secureworks.com/research/advisory-2017-001

Exploit x_refsource_misc

https://github.com/lixmk/Concierge

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0200

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-306

Status published

Products (4)

amag/en-1dbc_firmware 03.60

amag/en-2dbc_firmware 03.60

amag/std_firmware 03.60

amag/std_firmware 01.00

Published Dec 10, 2017

Tracked Since Feb 18, 2026