CVE-2019-25242
CSRF in FaceSentry 6.4.8 Enables Unauthorized Admin Actions
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iwt_ltd | facesentry_access_control_system | 5.7.0 |
| iwt_ltd | facesentry_access_control_system | 5.7.2 |
| iwt_ltd | facesentry_access_control_system | 6.4.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25242 is a Cross-Site Request Forgery (CSRF) vulnerability in FaceSentry Access Control System version 6.4.8 and earlier firmware versions. It allows attackers to trick authenticated users into loading malicious web pages that perform unauthorized administrative actions without their consent. These actions include changing administrator passwords, adding new admin users, enrolling special cards with elevated privileges, and remotely opening access control doors. The vulnerability exists because the web application interface does not properly validate the authenticity of HTTP requests, enabling attackers to execute privileged operations if a logged-in user visits a crafted malicious website. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized administrative control over the FaceSentry Access Control System. An attacker can change administrator passwords, add new administrative users, enroll special cards with elevated privileges, and open doors remotely without user consent. This compromises the security of physical access control, potentially allowing unauthorized individuals to gain access to restricted areas, disrupt operations, or manipulate user management and system settings. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP POST requests to specific endpoints of the FaceSentry Access Control System's web interface, such as personalSetting.php, userList.php, specialCard.php, and openDoor.php. These requests may include parameters that change administrator passwords, add new admin users, enroll special cards, or open doors. Detection can involve capturing and analyzing web traffic for such POST requests without proper CSRF tokens or validation. Specific commands are not provided, but using tools like Wireshark or tcpdump to capture HTTP traffic and grep or similar tools to filter POST requests to these endpoints can help identify exploitation attempts. [1, 2]
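One way to implement the detection described above, as an added example that is not part of the original page or any vendor material: it parses combined-format access-log lines (constructed samples included) and flags POST requests to the four named endpoints whose Referer is not the device itself; the device hostname is a placeholder assumption.

```python
# Added example (not vendor code): flag POSTs to FaceSentry admin endpoints
# whose Referer is not the device itself, a practical CSRF indicator.
import re
from urllib.parse import urlsplit
# Endpoints the advisory names as targets of forged admin actions.
ADMIN_ENDPOINTS = {"personalSetting.php", "userList.php", "specialCard.php", "openDoor.php"}
# Assumed hostname of the FaceSentry web interface (placeholder).
DEVICE_HOST = "facesentry.example.internal"
# Combined log format, as written by Apache/nginx (assumed):
# client ident user [ts] "METHOD PATH PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def _host_of(url: str) -> str:
    # Hostname of a Referer value; '' when absent ('-') or unparsable.
    if not url or url == "-":
        return ""
    return (urlsplit(url).hostname or "").lower()

def is_suspect(line: str) -> tuple[bool, str]:
    """Classify one access-log line; returns (suspect, reason)."""
    m = LOG_RE.match(line)
    if not m:
        return False, "unparsed"
    if m["method"] != "POST":
        return False, "not a POST"
    script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    if script not in ADMIN_ENDPOINTS:
        return False, "not an admin endpoint"
    # A browser-issued form POST carries the page's Referer; a value that is
    # not the device host means the form was served from somewhere else.
    src = _host_of(m["referer"])
    if src == DEVICE_HOST:
        return False, "same-origin"
    if not src:
        return True, f"POST to {script} with no Referer"
    return True, f"POST to {script} from foreign origin {src}"

def scan(lines):
    """Return [(client_ip, reason)] for every suspect line."""
    return [(ln.split(" ", 1)[0], why) for ln in lines for hit, why in (is_suspect(ln),) if hit]

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - admin [24/Dec/2025:10:00:07 +0000] "POST /userList.php HTTP/1.1" 302 0 "https://facesentry.example.internal/userList.php" "Mozilla/5.0"',
    '10.0.0.5 - admin [24/Dec/2025:10:03:44 +0000] "POST /openDoor.php HTTP/1.1" 200 17 "https://attacker.example/page.html" "Mozilla/5.0"',
    '10.0.0.9 - - [24/Dec/2025:10:04:10 +0000] "POST /personalSetting.php HTTP/1.1" 200 88 "-" "curl/8.0"',
    '10.0.0.5 - admin [24/Dec/2025:10:05:00 +0000] "GET /specialCard.php HTTP/1.1" 200 640 "https://attacker.example/" "Mozilla/5.0"',
]
```

A missing Referer can also come from a referrer-stripping browser policy or an API client, so treat those hits as leads for review rather than proof of exploitation. The durable fix remains server-side: the device must bind each state-changing request to an anti-CSRF token that a foreign page cannot read.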
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the FaceSentry web administration interface to trusted networks or IP addresses, educating users to avoid visiting untrusted or suspicious websites while logged into the system, and monitoring for suspicious HTTP POST requests to administrative endpoints. Since the vulnerability arises from lack of CSRF protection, applying any available patches or firmware updates from the vendor is recommended if available. If no patch is available, consider disabling web administration or implementing additional network-level protections such as web application firewalls to block unauthorized requests. [1, 2]