anonhaven
Ad

CVE-2019-25279

MEDIUM CVSS 4.0: 6.8 EPSS 0.06%
Updated Jan 16, 2026
Iwt
Parameter Value
CVSS 6.8 (MEDIUM)
Type CWE-312
Vendor Iwt
Public PoC Yes

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-312

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*

References 3

https://exchange.xforce.ibmcloud.com/vulnerabilities/163190
disclosure@vulncheck.com
https://packetstormsecurity.com/files/153501
disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2019-25278

Iwt

9.1

CVE-2019-25277

Iwt

5.1

CVE-2019-25243

Iwt

8.7

CVE-2019-25242

Iwt

5.1

CVE-2019-25241

Iwt

9.8