CVE-2021-31399: n/a in n/a
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
AI Analysis
Technical Summary
CVE-2021-31399 is a medium-severity vulnerability affecting 2N Access Unit devices running firmware version 2.0 2.31.0.40.5. The vulnerability allows an attacker to impersonate the web relay component of the device, enabling a man-in-the-middle (MITM) attack. In such an attack, the adversary intercepts and potentially alters communications between the legitimate user and the access control device. The CVSS 3.1 base score is 4.6, reflecting a vulnerability that requires low attack complexity and no privileges but does require user interaction. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same or a connected network segment, such as a local network or VPN. The impact primarily affects availability (A:L) and confidentiality (C:L) but not integrity (I:N). This suggests that the attacker can disrupt service and gain limited access to sensitive information but cannot modify data or configurations directly. The vulnerability does not require authentication, increasing its risk, but user interaction is necessary, possibly involving the user accessing a malicious web relay or interface controlled by the attacker. No known exploits in the wild have been reported, and no patches or vendor advisories are linked in the provided data. The lack of detailed vendor or product information limits the ability to assess the full scope but the mention of 2N Access Unit devices indicates the affected product is a physical access control system used for secure entry management.
Potential Impact
For European organizations, especially those using 2N Access Unit devices for physical access control, this vulnerability could lead to unauthorized interception of access control communications. This might allow attackers to disrupt access control operations, potentially causing denial of service or unauthorized monitoring of access events. Confidentiality of access logs or user credentials transmitted via the web relay could be compromised, increasing the risk of targeted attacks or social engineering. Organizations in sectors with high physical security requirements—such as government, critical infrastructure, finance, and transportation—may face operational disruptions and increased risk of physical breaches. The requirement for user interaction and adjacency limits remote exploitation but does not eliminate risk in environments where attackers can gain network proximity, such as through compromised internal devices or guest networks. The absence of known exploits suggests limited active threat but also underscores the importance of proactive mitigation to prevent future exploitation.
Mitigation Recommendations
1. Network Segmentation: Isolate 2N Access Unit devices on dedicated VLANs or network segments with strict access controls to limit attacker proximity.
2. Use Encrypted Communication: Ensure that all communications with the access control devices use strong encryption protocols (e.g., HTTPS with valid certificates) to prevent interception or impersonation of web relays.
3. Firmware Updates: Regularly check for and apply firmware updates from 2N or authorized vendors, even though no patch link is provided here, to address this and other vulnerabilities.
4. Monitor Network Traffic: Implement network monitoring to detect unusual traffic patterns or attempts to impersonate devices within the local network.
5. User Awareness: Train users to recognize suspicious prompts or interactions that could facilitate MITM attacks, reducing the risk from required user interaction.
6. Access Control Hardening: Limit administrative access to the devices and use multi-factor authentication where possible to reduce the impact of intercepted credentials.
7. Incident Response Planning: Prepare for potential access control disruptions by having contingency plans to maintain physical security if devices are compromised.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2021-04-15T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6839d93e182aa0cae2b72fb6
Added to database: 5/30/2025, 4:13:50 PM
Last enriched: 7/8/2025, 3:28:42 PM
Last updated: 8/11/2025, 3:20:15 PM