CVE-2021-41847

Public Exploit

Description

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software.

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.50%
Vendor Advisory 3xlogic.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://www.3xlogic.com/infinias-access-control product vendor advisory
https://grant-rose.com/infinias-access-control-vulnerability/ third party advisory exploit
https://gitlab.com/grose88/infinias third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2021-41847?
CVE-2021-41847 has been scored as a high severity vulnerability.
How to fix CVE-2021-41847?
To fix CVE-2021-41847, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-41847 being actively exploited in the wild?
It is possible that CVE-2021-41847 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.