VAR-201712-0705
Vulnerability from variot - Updated: 2025-04-20 23:39Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. AMAG Symmetry Door Edge Network Controller Contains an access control vulnerability.Information may be tampered with. of the United States. A security vulnerability exists in AMAGSymmetryDoorEdgeNetworkControllers that stems from incorrect access control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "std",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "01.00"
},
{
"model": "en-1dbc",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "en-2dbc",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "std",
"scope": "eq",
"trust": 1.6,
"vendor": "amag",
"version": "03.60"
},
{
"model": "technology en-1dbc",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "technology en-2dbc",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "std",
"scope": null,
"trust": 0.8,
"vendor": "amag",
"version": null
},
{
"model": "symmetry door edge network controllers",
"scope": null,
"trust": 0.6,
"vendor": "amag",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:amag:en-1dbc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:amag:en-2dbc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:amag:std_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
]
},
"cve": "CVE-2017-16241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16241",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00621",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-107144",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16241",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16241",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16241",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-00621",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-013",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. AMAG Symmetry Door Edge Network Controller Contains an access control vulnerability.Information may be tampered with. of the United States. A security vulnerability exists in AMAGSymmetryDoorEdgeNetworkControllers that stems from incorrect access control",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16241",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00621",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-107144",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"id": "VAR-201712-0705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
}
]
},
"last_update_date": "2025-04-20T23:39:55.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.amag.com/en/"
},
{
"title": "AMAGSymmetryDoorEdgeNetworkControllers command to execute the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113031"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.secureworks.com/research/advisory-2017-001"
},
{
"trust": 1.7,
"url": "https://github.com/lixmk/concierge"
},
{
"trust": 1.7,
"url": "https://hushcon.com/schedule.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16241"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16241"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2017-16241/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"db": "VULHUB",
"id": "VHN-107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"date": "2017-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-107144"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"date": "2017-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"date": "2017-12-10T01:29:00.190000",
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00621"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-107144"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011513"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-013"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-16241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMAG Symmetry Door Edge Network Controller Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011513"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-013"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…