3xlogic

4 CVEs • 5 products

Products (5)

CVEs (4)

Vendors (1): 3xlogic
Products (1): Infinias Access Control
Updated: Nov 21, 2024
Published: Oct 1, 2021
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software.

Vendors (1): 3xlogic
Products (1): Infinias Eidc32 Firmware
Updated: Nov 21, 2024
Published: Jul 26, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.

Vendors (1): 3xlogic
Products (2): Infinias Eidc32 Firmware, Infinias Eidc32 Web
Updated: Nov 21, 2024
Published: Apr 4, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.

Vendors (1): 3xlogic
Products (1): Infinias Access Control Firmware
Updated: Nov 21, 2024
Published: Nov 14, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 5.8 MEDIUM (v2)
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.