Biostar 2 Server
Monthly
Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.
Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.