CVE-2020-12681

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.

Published: Jul 26, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-12681
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
3xlogic / infinias_eidc32_firmware	-	3.4.125.x

https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc
https://www.3xlogic.com/sites/www.3xlogic.com/files/media/2020-08/INF_RN_infinias_eIDC32_V3.9_Firmware%20Release_08142020.pdf

Vulnerability Database

291,049

CVE-2020-12681