Honeywell IP-AK2 Access Controller

Platform Information https://honeywellsecurity.com.au/IP-AK2
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection -
Fingerprinting Source HTTPS NIC VENDOR
Added at Aug 13, 2019
Manufacturer Name Honeywell International Inc.
Homepage https://www.honeywell.com/
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2019-13525
10/25/2019
MEDIUM
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2019-18230
10/31/2019
MEDIUM
Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
CVE-2019-18228
10/31/2019
MEDIUM
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
CVE-2019-18226
10/31/2019
HIGH
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
CVE-2019-13525
10/25/2019
MEDIUM
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
CVE-2019-13523
09/26/2019
MEDIUM
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.