Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values
Vulnerability Description
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
DirectCyber Evolution Controller 安全漏洞
Vulnerability Description
DirectCyber Evolution Controller是DirectCyber公司的一款门禁控制器软件,用于控制器对设施的物理访问。 DirectCyber Evolution Controller 2.04.560.31.03.2024 版本及之前版本存在安全漏洞,该漏洞源于 Web 界面的 DESKTOP_EDIT_USER_GET_ABACARD_FIELDS 存在不当的访问控制配置,允许未经身份验证的攻击者返回任何用户的 abacard 字段。
CVSS Information
N/A
Vulnerability Type
N/A