Login Sign Up

CVE-2020-11542

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows complete authentication bypass on 3xLOGIC Infinias eIDC32 physical access control devices by manipulating the CMD.HTM endpoint. Attackers can gain administrative access to door control systems without valid credentials. Organizations using these specific devices with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • 3xLOGIC Infinias eIDC32
Versions: Firmware 2.213 with Web 1.107
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with web interface enabled are vulnerable. The authentication bypass occurs via client-side interpretation of the <KEY>MYKEY</KEY> parameter.

📦 What is this software?

Infinias Eidc32 Firmware by 3xlogic

View all CVEs affecting Infinias Eidc32 Firmware →

Infinias Eidc32 Web by 3xlogic

View all CVEs affecting Infinias Eidc32 Web →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control over physical access systems, allowing them to unlock doors, disable alarms, manipulate access logs, and potentially compromise connected systems.

🟠

Likely Case

Unauthorized individuals gain physical access to restricted areas by bypassing door controls, potentially leading to theft, sabotage, or unauthorized entry.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to isolated physical access systems with no lateral movement to IT networks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the device and manipulation of the CMD parameter. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

No official patch available. Contact 3xLOGIC for firmware updates or replacement options.

🔧 Temporary Workarounds

Network Isolation

all

Remove vulnerable devices from internet-facing networks and place behind firewalls with strict access controls.

Disable Web Interface

all

Disable the web management interface if not required for operations.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate eIDC32 devices from other networks
  • Deploy network monitoring and intrusion detection specifically for these devices

🔍 How to Verify

Check if Vulnerable:

Access device web interface and attempt to navigate to CMD.HTM?CMD= with various parameters. If authentication is bypassed, device is vulnerable.

Check Version:

Check device web interface or physical label for firmware version information

Verify Fix Applied:

Test authentication bypass attempts after implementing workarounds to ensure they fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to CMD.HTM endpoint
  • Authentication bypass attempts
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • HTTP requests to CMD.HTM with CMD parameter manipulation
  • Traffic to eIDC32 devices from unexpected sources

SIEM Query:

source_ip="eIDC32_device" AND (url="*CMD.HTM*" OR url="*CMD=*")

📊 Metadata

CVE ID: CVE-2020-11542
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: April 4, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-11542, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)