Unauthenticated Access-Control and Attendance-Tracking Data Modification in Hanvon FaceID

CVE-2014-2938 · HIGH Severity

AV:N/AC:M/AU:N/C:P/I:C/A:P

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.

Learn more about our Api Penetration Testing.