High
CVE-2020-6972
The Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-6974
The affected product is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories.
Honeywell
Notifier Web Server (NWS) Version 3.50 and earlier
Honeywell has released a firmware update package |