CERT-In Vulnerability Note
CIVN-2024-0328
Authentication Bypass Vulnerability in Matrix Door Controller
Original Issue Date: October 25, 2024
Severity Rating: HIGH
Systems Affected
- Matrix Door Controller Cosec Vega FAXQ - all firmware versions prior to V2R17
Overview
A vulnerability has been reported in Matrix Door Controller which could allow a remote attacker to gain unauthorized access to the targeted device.
Description
This vulnerability exists in Matrix Door Controller due to improper implementation of session management in the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device.
Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access and take complete control of the targeted device.
Credit
This vulnerability was reported by Arko Dhar and Souvik Kandar from Redinent Innovations Engineering & Research Team, Karnataka, India.
Solution
- Upgrade Matrix Door Controller Cosec Vega FAXQ to firmware version V2R17
Vendor Information
Matrix Comsec
https://www.matrixcomsec.com/
References
Matrix Comsec
https://www.matrixcomsec.com/
CVE Name
CVE-2024-10381
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India