Those “secure” door locks you see everywhere (eg in airports and the like). .Yeah, not so secure when you can send a single UDP broadcast packet to bulk unlock them all at once.
“”Discoveryd then builds up a path to /mnt/apps/bin/blink and calls system() to run the blink program with that number as an argument…And you can probably guess what comes next…..a lack of any sanitization on the user-supplied input that is fed to the system() call…..with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door…because the discoveryd service responds to broadcast UDP packets, you can do this to every single door on the network at the same time!””
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-controllers/
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-controllers/