Primary

Context

Lucky Technology Attendance Machines Missing Authentication Vulnerability

Vulnerability

A vulnerability allowing unauthorized access has been identified in Lucky Technology Ltd's attendance management devices, specifically the LM-520-SC, LM-520-FSC, and LM-520-FSC-SAM models, all versions prior to 20250321. This vulnerability arises from a lack of proper authentication in certain functionalities, enabling remote attackers to access sensitive personnel information and download attendance records from the affected organization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive employee data and attendance records from the targeted company.

Remediation

It is recommended to implement strict firewall rules to mitigate this vulnerability.

Added: Jun 9, 2025, 12:18 PM

Updated: Jun 9, 2025, 1:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lucky Technology Attendance Machines Missing Authentication Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating