Search criteria
3 vulnerabilities found for faceid by hanon
VAR-201405-0408
Vulnerability from variot - Updated: 2025-04-13 23:10Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. Hanvon facial recognition (Face ID) devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Hanvon Face recognition device provided by Face ID Firmware lack of certification for critical functions (CWE-306) Exists. CWE-306: Missing Authentication for Critical Function https://cwe.mitre.org/data/definitions/306.htmlThird parties may alter user information and access control information. Multiple Hanvon Face ID Products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Hanvon FaceID is a face recognition system developed by Hanvon Corporation of China. The system can be used in enterprise attendance, access control and building construction, etc. There is a security vulnerability in Hanvon FaceID 1.007.109 and earlier versions, the vulnerability stems from the fact that the program does not require authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "faceid f710",
"scope": "eq",
"trust": 1.6,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": "faceid",
"scope": "eq",
"trust": 1.0,
"vendor": "hanon",
"version": "fa007"
},
{
"model": "faceid f810",
"scope": "lte",
"trust": 1.0,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": "faceid fa007",
"scope": "lte",
"trust": 1.0,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": "faceid",
"scope": "eq",
"trust": 1.0,
"vendor": "hanon",
"version": "f710"
},
{
"model": "faceid",
"scope": "eq",
"trust": 1.0,
"vendor": "hanon",
"version": "f810"
},
{
"model": "faceid",
"scope": "eq",
"trust": 1.0,
"vendor": "hanon",
"version": "fk800"
},
{
"model": "faceid fk800",
"scope": "lte",
"trust": 1.0,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hanvon",
"version": null
},
{
"model": "face id",
"scope": "eq",
"trust": 0.8,
"vendor": "hanvon",
"version": "f710"
},
{
"model": "face id",
"scope": "eq",
"trust": 0.8,
"vendor": "hanvon",
"version": "f810"
},
{
"model": "face id",
"scope": "eq",
"trust": 0.8,
"vendor": "hanvon",
"version": "fa007"
},
{
"model": "face id",
"scope": "eq",
"trust": 0.8,
"vendor": "hanvon",
"version": "fk800"
},
{
"model": "face id f710",
"scope": "lt",
"trust": 0.8,
"vendor": "hanvon",
"version": "1.007.110 earlier"
},
{
"model": "face id f810",
"scope": "lt",
"trust": 0.8,
"vendor": "hanvon",
"version": "1.007.110 earlier"
},
{
"model": "face id fa007",
"scope": "lt",
"trust": 0.8,
"vendor": "hanvon",
"version": "1.007.110 earlier"
},
{
"model": "face id fk800",
"scope": "lt",
"trust": 0.8,
"vendor": "hanvon",
"version": "1.007.110 earlier"
},
{
"model": "faceid fk800",
"scope": "eq",
"trust": 0.6,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": "faceid f810",
"scope": "eq",
"trust": 0.6,
"vendor": "hanon",
"version": "1.007.109"
},
{
"model": "faceid fa007",
"scope": "eq",
"trust": 0.6,
"vendor": "hanon",
"version": "1.007.109"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hanon:faceid",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hanon:faceid_f710_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hanon:faceid_f810_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hanon:faceid_fa007_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hanon:faceid_fk800_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kelvin Tan Thiam Teck",
"sources": [
{
"db": "BID",
"id": "67525"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2938",
"impactScore": 8.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.3,
"collateralDamagePotential": "MEDIUM-HIGH",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2938",
"impactScore": 8.5,
"integrityImpact": "COMPLETE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "UNCORROBORATED",
"severity": "HIGH",
"targetDistribution": "LOW",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:P/I:C/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 8.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-002557",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-70877",
"impactScore": 8.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:C/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2938",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2938",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-002557",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-454",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70877",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "VULHUB",
"id": "VHN-70877"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. Hanvon facial recognition (Face ID) devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Hanvon Face recognition device provided by Face ID Firmware lack of certification for critical functions (CWE-306) Exists. CWE-306: Missing Authentication for Critical Function https://cwe.mitre.org/data/definitions/306.htmlThird parties may alter user information and access control information. Multiple Hanvon Face ID Products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Hanvon FaceID is a face recognition system developed by Hanvon Corporation of China. The system can be used in enterprise attendance, access control and building construction, etc. There is a security vulnerability in Hanvon FaceID 1.007.109 and earlier versions, the vulnerability stems from the fact that the program does not require authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2938"
},
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "BID",
"id": "67525"
},
{
"db": "VULHUB",
"id": "VHN-70877"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/767044",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#767044",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2014-2938",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU95165083",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454",
"trust": 0.7
},
{
"db": "BID",
"id": "67525",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-70877",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "VULHUB",
"id": "VHN-70877"
},
{
"db": "BID",
"id": "67525"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"id": "VAR-201405-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70877"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:10:15.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Face ID",
"trust": 0.8,
"url": "http://www.hanvon.com/en/products/FaceID/products/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70877"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/767044"
},
{
"trust": 0.8,
"url": "http://www.hanvon.com/en/products/faceid/technology/index.html"
},
{
"trust": 0.8,
"url": "http://www.hanvon.com/en/products/faceid/products/index.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2938"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95165083/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2938"
},
{
"trust": 0.3,
"url": "http://www.hanvon.com/en/products/faceid/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "VULHUB",
"id": "VHN-70877"
},
{
"db": "BID",
"id": "67525"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#767044"
},
{
"db": "VULHUB",
"id": "VHN-70877"
},
{
"db": "BID",
"id": "67525"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-20T00:00:00",
"db": "CERT/CC",
"id": "VU#767044"
},
{
"date": "2014-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70877"
},
{
"date": "2014-05-20T00:00:00",
"db": "BID",
"id": "67525"
},
{
"date": "2014-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"date": "2014-05-22T20:55:06.503000",
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-20T00:00:00",
"db": "CERT/CC",
"id": "VU#767044"
},
{
"date": "2014-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-70877"
},
{
"date": "2014-05-20T00:00:00",
"db": "BID",
"id": "67525"
},
{
"date": "2014-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002557"
},
{
"date": "2014-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-454"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2938"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanvon facial recognition (Face ID) devices do not authenticate commands",
"sources": [
{
"db": "CERT/CC",
"id": "VU#767044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-454"
}
],
"trust": 0.6
}
}
CVE-2014-2938 (GCVE-0-2014-2938)
Vulnerability from nvd – Published: 2014-05-22 20:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#767044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/767044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-22T19:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#767044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/767044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#767044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/767044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-2938",
"datePublished": "2014-05-22T20:00:00.000Z",
"dateReserved": "2014-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:28:46.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2938 (GCVE-0-2014-2938)
Vulnerability from cvelistv5 – Published: 2014-05-22 20:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#767044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/767044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-22T19:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#767044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/767044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#767044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/767044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-2938",
"datePublished": "2014-05-22T20:00:00.000Z",
"dateReserved": "2014-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:28:46.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}