CVE-2019-25279— FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability

CVSS 7.5 · High EPSS 0.07% · P20 Updated Jan 17, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-25279

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据的明文存储

Source: NVD (National Vulnerability Database)

Vulnerability Title

iWT FaceSentry Access Control System 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

iWT FaceSentry Access Control System是中国iWT公司的一个人脸识别门禁控制设备 iWT FaceSentry Access Control System 6.4.8版本存在安全漏洞，该漏洞源于明文存储密码，可能导致凭据泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
iWT Ltd.	FaceSentry Access Control System	6.4.8 build 264	-

II. Public POCs for CVE-2019-25279

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-25279

请登录查看更多情报信息。

https://packetstormsecurity.com/files/153501exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.phpthird-party-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/163190vdb-entry
https://nvd.nist.gov/vuln/detail/CVE-2019-25279

Same Patch Batch · iWT Ltd. · 2026-01-07 · 3 CVEs total

CVE-2019-25277	6.1 MEDIUM	FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.ph
CVE-2019-25278	5.9 MEDIUM	FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

IV. Related Vulnerabilities

Same product: FaceSentry Access Control System

Same vendor: iWT Ltd.

Same weakness: CWE-312

V. Comments for CVE-2019-25279

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-25279— FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability

I. Basic Information for CVE-2019-25279

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-25279

III. Intelligence Information for CVE-2019-25279

Same Patch Batch · iWT Ltd. · 2026-01-07 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-25279

Leave a comment