Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors

84
Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors

HID-based access control products Mercury controllers have serious flaws that can be used by hackers to unlock doors remotely.

Researchers at XDR business Trellix, which emerged earlier this year following the merging of McAfee Enterprise and FireEye, uncovered the flaws. The flaws were discovered in LenelS2 devices — a physical security division of HVAC giant Carrier — but Trellix said it had proof from HID Global that all OEM partners who use particular hardware controllers are impacted.

Trellix researchers discovered eight vulnerabilities, seven of which were classified as “critical” or “high” in severity. Remote code execution, command injection, denial-of-service (DoS), information spoofing, and writing arbitrary files are all possible exploits.

Read More: https://www.securityweek.com/vulnerabilities-hid-mercury-access-controllers-allow-hackers-unlock-doors