Unauthenticated Access-Control and Attendance-Tracking Data Modification in Hanvon FaceID
CVE-2014-2938 · HIGH Severity
AV:N/AC:M/AU:N/C:P/I:C/A:P
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
Learn more about our Api Penetration Testing.