> root@ks-dev:~#

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.

/etc/timezone can be Arbitrarily Written.

/etc/avahi/services/z9.service can be Arbitrarily Written.

Denial of Service Due to SlowLoris.

Web UI Malfunction when setting unexpected locale via API.

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).

CVE-2025-12554. Details pending publication on NVD.

Email Server Certificate Verification Disabled.

CVE-2025-12552. Details pending publication on NVD.

Credits Page not Matching Versions in Use in the Firmware.

Lack of Graceful Error Handling - HTTP 5xx Error.

Systemic Internal Server Errors - HTTP 500 Response.

Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.

Non-Compliant TLS Configuration.

CVE-2025-12477. Details pending publication on NVD.

CVE-2025-12476. Details pending publication on NVD.

CVE-2025-12425. Details pending publication on NVD.

Privilege Escalation through SUID-bit Binary.

Protocol manipulation might lead to denial of service.

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.

Error Messages Wrapped In HTTP Header.

CVE-2025-12364. Details pending publication on NVD.

CVE-2025-12363. Details pending publication on NVD.

CVE-2025-12285. Details pending publication on NVD.

CVE-2025-12284. Details pending publication on NVD.

CVE-2025-12278. Details pending publication on NVD.

Mail Configuration File Manipulation + Command Execution.

Busybox 1.31.1 - Multiple Known Vulnerabilities.

Busybox 1.31.1 - Multiple Known Vulnerabilities.

Vulnerable Components in Azure Access OS.

CVE-2025-12218. Details pending publication on NVD.

SNMP Default Community String (public).

Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.

Undocumented administrative accounts were getting created to facilitate access for applications running on board.

Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context.

CVE-2025-12001. Details pending publication on NVD.

Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply.

Allocation of Resources Without Limits or Throttling allows Flooding.

Several vulnerabilities have been discovered in the HTTP server response of the Symphony MX web interface which are caused by missing common HTTP security headers. Due to insufficient cache control, a threat actor could read sensitive data stored within the browser cache on the local machine. The missing content type options header permits the browser to incorrectly identify content types when no content type is specified by the server. A firmware update is required to fix the vulnerability.

A vulnerability has been discovered in the Symphony MX web interface which allows uploading arbitrary data to the internal media storage "Media", where audio and images are stored. Due to insufficient input and file content validation, an authenticated attacker could upload malicious files. If successful, a threat actor can trick an authenticated user to run malicious file content on the local machine. A firmware update is required to fix the vulnerability. Note: Symphony MX devices cannot protect authenticated users from downloading and executing files.

The Symphony MX device contains a privileged executable file that is writeable, creating a critical security vulnerability. Threat actors with access to the device could exploit this vulnerability by modifying the executable with malicious code, which could then be executed with root privileges. If successful, attackers could achieve complete system compromise, establish persistence, execute arbitrary commands with root privileges or create backdoors for ongoing unauthorised access. A firmware update is required to fix the vulnerability. Note: Symphony MX devices are protected against local attack vectors, as remote maintenance via SSH is disabled by default.

A security issue was discovered where local users can escalate privileges by manipulating environment variables that affect privileged processes. Threat actors could exploit this vulnerability by injecting malicious values into environment variables used by services running with elevated privileges. If successful, attackers could execute arbitrary commands with elevated privileges, potentially leading to complete system compromise, unauthorised access to sensitive data or the ability to modify the system configuration or security controls.

Several vulnerabilities have been discovered in the Symphony MX web interface. Due to missing HTTP security headers, the web interface is vulnerable to clickjacking and cross-frame scripting (XFS) attacks. An attacker could embed the web interface into a crafted HTML web page. Such a malicious web page could introduce hidden mechanism to steal the credentials during user authentication or to modify the device configuration without being noticed. A firmware update is required to fix the vulnerability.

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.

Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state.

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log.

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service.

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. Further exploitation could not be proven due to this being a totally blind test case, but should be considered.

Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation. [1] Batik offers several classes for svg to png/jpg conversion, which suffer from a XML External Entity Injection due to the evaluation of external entities within the given svg file. If an application offers the possibility to upload a svg file an attacker can put in a malicious formed file and retrieve sensitive information such as the content of files of the respective server. The type of file that can be retrieved depends on the user context in which the application is running. Further information about the vulnerability can be seen here: [2].