Vulnerability Description
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amag | En-1Dbc Firmware | 03.60 |
| Amag | En-1Dbc | - |
| Amag | Std Firmware | 03.60 |
| Amag | Std | - |
| Amag | En-2Dbc Firmware | 03.60 |
| Amag | En-2Dbc | - |
Related Weaknesses (CWE)
References
- https://github.com/lixmk/ConciergeExploit
- https://hushcon.com/schedule.htmlNot Applicable
- https://www.secureworks.com/research/advisory-2017-001Third Party Advisory
- https://github.com/lixmk/ConciergeExploit
- https://hushcon.com/schedule.htmlNot Applicable
- https://www.secureworks.com/research/advisory-2017-001Third Party Advisory
FAQ
What is CVE-2017-16241?
CVE-2017-16241 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attac...
How severe is CVE-2017-16241?
CVE-2017-16241 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16241?
Check the references section above for vendor advisories and patch information. Affected products include: Amag En-1Dbc Firmware, Amag En-1Dbc, Amag Std Firmware, Amag Std, Amag En-2Dbc Firmware.