CVE-2020-12681

Description

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.

Affected Software
References

Software	From	Fixed in
3xlogic / infinias_eidc32_firmware	-	3.4.125.x

https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc
https://www.3xlogic.com/sites/www.3xlogic.com/files/media/2020-08/INF_RN_infinias_eIDC32_V3.9_Firmware%20Release_08142020.pdf

Severity: High

CVE: CVE-2020-12681
Published: Jul 26, 2021
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-295

A3 - Sensitive Data Exposure

CVE-2020-12681

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10