Search criteria
4 vulnerabilities found for Door Access Control and Personnel Attendance Management system by TAIWAN SECOM CO., LTD.,
CVE-2021-35962 (GCVE-0-2021-35962)
Vulnerability from nvd – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
Summary
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/d7ec2db9-12dd-43… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Door Access Control"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:35.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35962",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Door Access Control",
"version_affected": "\u003c=",
"version_value": "3.3.2"
},
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35962",
"datePublished": "2021-07-16T15:20:35.841Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35961 (GCVE-0-2021-35961)
Vulnerability from nvd – Published: 2021-07-16 15:20 – Updated: 2024-09-17 01:16
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials
Summary
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/2e4e69d5-2e32-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:34.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35961",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"name": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35961",
"datePublished": "2021-07-16T15:20:34.752Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35962 (GCVE-0-2021-35962)
Vulnerability from cvelistv5 – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
Summary
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/d7ec2db9-12dd-43… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Door Access Control"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:35.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35962",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Door Access Control",
"version_affected": "\u003c=",
"version_value": "3.3.2"
},
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35962",
"datePublished": "2021-07-16T15:20:35.841Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35961 (GCVE-0-2021-35961)
Vulnerability from cvelistv5 – Published: 2021-07-16 15:20 – Updated: 2024-09-17 01:16
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials
Summary
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/2e4e69d5-2e32-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:34.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35961",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"name": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35961",
"datePublished": "2021-07-16T15:20:34.752Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}