CVE-2014-5381

13.01.2020, 13:15

Grand MA 300 allows a brute-force attack on the PIN.

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 97%

Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| granding | grand_ma300_firmware | 6.60 |

Known Exploits

http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html
http://seclists.org/fulldisclosure/2014/Aug/70

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html
http://seclists.org/fulldisclosure/2014/Aug/70
http://www.securityfocus.com/bid/69390
https://exchange.xforce.ibmcloud.com/vulnerabilities/95485