EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management.
nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other access control peripherals obsolete by revolutionizing how identities are protected, authenticated, and managed. With a sleek low profile and powerful capabilities, the nano NXT redefines the future of access control. An optional SDK is available to customers who want to customize their security solutions to integrate seamlessly with existing applications. The nano NXT authenticates up to 20 people per minute, in-motion and at-a-distance with unparalleled accuracy. nano NXT can be used in a variety of environments including commercial/enterprise, corrections, data centers, education, financial services, government, healthcare facilities and hospitality.
Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a distance. The Nano NXT is an ideal replacement for card-based systems, and seamlessly controls access to turnstiles, secured entrances, server rooms and any other physical space. Similarly the device is powerful and compact enough to secure high-value transactions, critical databases, network workstations or any other information system.
EyeLock's nano NXT firmware latest version 3.5 (released 25.07.2016) suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the 'rpc.php' script located in the '/scripts' directory and can be triggered when user supplied input is not correctly sanitized while updating the local time for the device and/or get info from remote time server. The vulnerable script has two REQUEST parameters 'timeserver' and 'localtime' that are called within a shell_exec() function for setting the local time and the hardware clock of the device. An attacker can exploit these conditions gaining full system (root) access and execute OS commands on the affected device by injecting special characters to the affected parameters and further bypass the access control in place.