ID

VAR-202001-1351


CVE

CVE-2014-5381


TITLE

Grand MA 300 Vulnerable to insufficient protection of credentials

Trust: 0.8

sources: JVNDB: JVNDB-2014-008796

DESCRIPTION

Grand MA 300 allows a brute-force attack on the PIN. Grand MA 300 contains a vulnerability related to insufficient protection of credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The Grand MA 300 fails to encrypt the PIN in network and Wiegand communication, which allows an attacker to sniff sensitive information and to brute-force the PIN. Attackers can exploit these issues to disclose the access PIN by sniffing network traffic, or perform brute-force attacks on the PIN to gain unauthorized access. This may aid in other attacks.

Trust: 2.43

sources: NVD: CVE-2014-5381 // JVNDB: JVNDB-2014-008796 // CNVD: CNVD-2014-05308 // BID: 69390

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05308

AFFECTED PRODUCTS

vendor: granding | model: grand ma300 | scope: eq | version: 6.60

Trust: 1.0

vendor: granding | model: grand ma 300 | scope: - | version: -

Trust: 0.8

vendor: granding | model: grand ma 300/id with | scope: eq | version: 6.60

Trust: 0.6

sources: CNVD: CNVD-2014-05308 // JVNDB: JVNDB-2014-008796 // NVD: CVE-2014-5381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5381
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-5381
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2014-05308
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-416
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2014-5381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05308
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-5381
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-5381
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2014-05308 // JVNDB: JVNDB-2014-008796 // CNNVD: CNNVD-202001-416 // NVD: CVE-2014-5381

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

sources: JVNDB: JVNDB-2014-008796 // NVD: CVE-2014-5381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-416

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008796

PATCH

title: Top Page | url: https://www.granding.com/home.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-008796

EXTERNAL IDS

db: NVD | id: CVE-2014-5381

Trust: 3.3

db: BID | id: 69390

Trust: 2.5

db: PACKETSTORM | id: 128003

Trust: 2.4

db: JVNDB | id: JVNDB-2014-008796

Trust: 0.8

db: CNVD | id: CNVD-2014-05308

Trust: 0.6

db: CNNVD | id: CNNVD-202001-416

Trust: 0.6

sources: CNVD: CNVD-2014-05308 // BID: 69390 // JVNDB: JVNDB-2014-008796 // CNNVD: CNNVD-202001-416 // NVD: CVE-2014-5381

REFERENCES

url:http://packetstormsecurity.com/files/128003/grand-ma-300-fingerprint-reader-weak-pin-verification.html

Trust: 2.4

url:http://seclists.org/fulldisclosure/2014/aug/70

Trust: 2.2

url:http://www.securityfocus.com/bid/69390

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95485

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-5381

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5381

Trust: 0.8

sources: CNVD: CNVD-2014-05308 // JVNDB: JVNDB-2014-008796 // CNNVD: CNNVD-202001-416 // NVD: CVE-2014-5381

CREDITS

LSE Leading Security Experts GmbH Eric Sesterhenn

Trust: 0.3

sources: BID: 69390

SOURCES

db: CNVD | id: CNVD-2014-05308
db: BID | id: 69390
db: JVNDB | id: JVNDB-2014-008796
db: CNNVD | id: CNNVD-202001-416
db: NVD | id: CVE-2014-5381

LAST UPDATE DATE

2024-11-23T22:05:50.023000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2014-05308 | date: 2014-08-29T00:00:00
db: BID | id: 69390 | date: 2014-08-26T00:00:00
db: JVNDB | id: JVNDB-2014-008796 | date: 2020-01-31T00:00:00
db: CNNVD | id: CNNVD-202001-416 | date: 2023-05-25T00:00:00
db: NVD | id: CVE-2014-5381 | date: 2024-11-21T02:11:56.637

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2014-05308 | date: 2014-08-29T00:00:00
db: BID | id: 69390 | date: 2014-08-26T00:00:00
db: JVNDB | id: JVNDB-2014-008796 | date: 2020-01-31T00:00:00
db: CNNVD | id: CNNVD-202001-416 | date: 2020-01-13T00:00:00
db: NVD | id: CVE-2014-5381 | date: 2020-01-13T13:15:12.053