CVE-2019-3908

HIGH

Premisys Identicard <3.1.190 - Info Disclosure

Title source: llm

Description

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

References (2)

[Third Party Advisory] https://www.tenable.com/security/research/tra-2019-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106552

Scores

CVSS v3 7.5

EPSS 0.0064

EPSS Percentile 70.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

identicard/premisys_id 3.1.190

Published Jan 18, 2019

Tracked Since Feb 18, 2026