Iwt Ltd Facesentry Access Control System vulnerabilities
6 known vulnerabilities affecting iwt_ltd/facesentry_access_control_system.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-25241P2CRITICALCVSS 9.8v6.4.8 build 264v5.7.2 build 568+1 more2025-12-24
CVE-2019-25241 [CRITICAL] CWE-798 CVE-2019-25241: FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-co
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
nvd
CVE-2019-25243P2HIGHCVSS 8.8v6.4.8 build 264v5.7.2 build 568+1 more2025-12-24
CVE-2019-25243 [HIGH] CWE-78 CVE-2019-25243: FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php an
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
nvd
CVE-2019-25279P3HIGHCVSS 7.5v6.4.8 build 264v5.7.2 build 568+1 more2026-01-08
CVE-2019-25279 [HIGH] CWE-312 CVE-2019-25279: FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allo
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.
nvd
CVE-2019-25278P3MEDIUMCVSS 5.9v6.4.8 build 264v5.7.2 build 568+1 more2026-01-08
CVE-2019-25278 [MEDIUM] CWE-319 CVE-2019-25278: FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows r
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
nvd
CVE-2019-25277P4MEDIUMCVSS 6.1v6.4.8v5.7.2+1 more2026-01-08
CVE-2019-25277 [MEDIUM] CWE-79 CVE-2019-25277: FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' pa
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing atta
nvd
CVE-2019-25242P4MEDIUMCVSS 4.3v6.4.8v5.7.2+1 more2025-12-24
CVE-2019-25242 [MEDIUM] CWE-352 CVE-2019-25242: FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allo
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially
nvd