Search criteria
1 vulnerability found for std by amag
VAR-201712-0705
Vulnerability from variot - Updated: 2025-04-20 23:39Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. AMAG Symmetry Door Edge Network Controller Contains an access control vulnerability.Information may be tampered with. of the United States. A security vulnerability exists in AMAGSymmetryDoorEdgeNetworkControllers that stems from incorrect access control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "std",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "01.00"
},
{
"model": "en-1dbc",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "en-2dbc",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "std",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "technology en-1dbc",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "technology en-2dbc",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "std",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "symmetry door edge network controllers",
"scope": null,
"trust": 0.6,
"vendor": "amag",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:amag:en-1dbc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:amag:en-2dbc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:amag:std_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
]
},
"cve": "CVE-2017-16241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16241",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00621",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-107144",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16241",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16241",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16241",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-00621",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-013",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. AMAG Symmetry Door Edge Network Controller Contains an access control vulnerability.Information may be tampered with. of the United States. A security vulnerability exists in AMAGSymmetryDoorEdgeNetworkControllers that stems from incorrect access control",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16241",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00621",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107144",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"id": "VAR-201712-0705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
}
]
},
"last_update_date": "2025-04-20T23:39:55.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.amag.com/en/"
},
{
"title": "AMAGSymmetryDoorEdgeNetworkControllers command to execute the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113031"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.secureworks.com/research/advisory-2017-001"
},
{
"trust": 1.7,
"url": "https://github.com/lixmk/concierge"
},
{
"trust": 1.7,
"url": "https://hushcon.com/schedule.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16241"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16241"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2017-16241/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"date": "2017-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-107144"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"date": "2017-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"date": "2017-12-10T01:29:00.190000",
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-107144"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMAG Symmetry Door Edge Network Controller Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
}
],
"trust": 0.6
}
}