Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NAnviz Crosschex Standard
APPAnvizwszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2026-40434HIGH8.1ten sam produkt
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injectio...
CVE-2026-35546CRITICAL9.8PL ✓ten sam vendor
Nieautoryzowane przesyłanie firmware w urządzeniach Anviz CX2 Lite i CX7
CVE-2019-12394CRITICAL9.8ten sam vendor
Anviz access control devices allow unverified password change which allows remote attackers to change the admi...
CVE-2019-12392CRITICAL9.8ten sam vendor
Anviz access control devices allow remote attackers to issue commands without a password.
CVE-2019-12518CRITICAL9.8ten sam vendor
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulne...