Researchers at Dell Secureworks are warning a vulnerability in two keyless entry products could allow local attackers to lock and unlock doors and create illegitimate RFID badges by sending unauthenticated requests to affected devices.
Impacted are two AMAG Technology Symmetry IP-based access door controllers used in keyless door models EN-1DBC and EN-2DBC. Researchers say if the devices deployed with default configurations, attackers could abuse the systems by sending unauthenticated requests to door controllers via serial communication over TCP/IP.
“An attacker with network access to vulnerable door controllers could remotely trigger door lock and unlock commands,” wrote Secureworks in technical write-up of the vulnerability.
