Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

FaceSentry Access Control System Hard-Coded SSH Credentials and Privilege Escalation Vulnerability

Vulnerability

A critical authentication vulnerability has been identified in FaceSentry Access Control System version 6.4.8. The vulnerability arises from hard-coded SSH credentials for the wwwuser account, allowing unauthorized access. Attackers can exploit an insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Impact

Exploitation of this vulnerability allows for unauthorized SSH access as the wwwuser account, with subsequent privilege escalation to root.

Reproduction

The vulnerability can be reproduced by connecting to the device via SSH on port 23445 using the hard-coded credentials wwwuser and 123456. Once logged in, the wwwuser account can execute sudo commands without authentication, taking advantage of the insecure sudoers configuration to gain root access.

Added: Dec 24, 2025, 8:31 PM
Updated: Dec 24, 2025, 9:36 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
7.5
exploitability
9.4
remediation
0.0
relevance
1.6
threat
8.0
urgency
2.9
incentive
10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.