Datalogic AV7000 Linear Barcode Scanner (ICSA-19-239-02)

The NCCIC has published an advisory on an authentication bypass using an alternate path of channel vulnerability in Datalogic AV7000 Linear Barcode Scanner. All versions prior to 4.6.0.0 are affected. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication through issues in the HTTP authentication process. Datalogic reports a new version of the firmware was released to mitigate the reported vulnerability. The NCCIC also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.