High severity8.8NVD Advisory· Published May 4, 2021· Updated Jun 17, 2026
CVE-2020-21999
CVE-2020-21999
Description
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- iWT Ltd/FaceSentry Access Control Systemdescription
- Range: =6.4.8
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/47066nvdExploitThird Party AdvisoryVDB Entry
- www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5525.phpnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.