Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for door_access_control by secom

    CVE-2021-35962 (GCVE-0-2021-35962)

    Vulnerability from nvd – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
    VLAI
    Title
    TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
    Summary
    Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2021-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:47:43.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Door Access Control"
              ],
              "product": "Door Access Control and Personnel Attendance Management system",
              "vendor": "TAIWAN SECOM CO., LTD.,",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Personnel Attendance system"
              ],
              "product": "Door Access Control and Personnel Attendance Management system",
              "vendor": "TAIWAN SECOM CO., LTD.,",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.0.0.3.12_20210525",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T15:20:35.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
            }
          ],
          "source": {
            "advisory": "TVN-202107003",
            "discovery": "EXTERNAL"
          },
          "title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
              "ID": "CVE-2021-35962",
              "STATE": "PUBLIC",
              "TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control and Personnel Attendance Management system",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Door Access Control",
                                "version_affected": "\u003c=",
                                "version_value": "3.3.2"
                              },
                              {
                                "platform": "Personnel Attendance system",
                                "version_affected": "\u003c=",
                                "version_value": "3.4.0.0.3.12_20210525"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TAIWAN SECOM CO., LTD.,"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
                },
                {
                  "name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
              }
            ],
            "source": {
              "advisory": "TVN-202107003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-35962",
        "datePublished": "2021-07-16T15:20:35.841Z",
        "dateReserved": "2021-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:44:17.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-35962 (GCVE-0-2021-35962)

    Vulnerability from cvelistv5 – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
    VLAI
    Title
    TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
    Summary
    Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2021-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:47:43.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Door Access Control"
              ],
              "product": "Door Access Control and Personnel Attendance Management system",
              "vendor": "TAIWAN SECOM CO., LTD.,",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Personnel Attendance system"
              ],
              "product": "Door Access Control and Personnel Attendance Management system",
              "vendor": "TAIWAN SECOM CO., LTD.,",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.0.0.3.12_20210525",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-16T15:20:35.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
            }
          ],
          "source": {
            "advisory": "TVN-202107003",
            "discovery": "EXTERNAL"
          },
          "title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
              "ID": "CVE-2021-35962",
              "STATE": "PUBLIC",
              "TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control and Personnel Attendance Management system",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Door Access Control",
                                "version_affected": "\u003c=",
                                "version_value": "3.3.2"
                              },
                              {
                                "platform": "Personnel Attendance system",
                                "version_affected": "\u003c=",
                                "version_value": "3.4.0.0.3.12_20210525"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TAIWAN SECOM CO., LTD.,"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
                },
                {
                  "name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
              }
            ],
            "source": {
              "advisory": "TVN-202107003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-35962",
        "datePublished": "2021-07-16T15:20:35.841Z",
        "dateReserved": "2021-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:44:17.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }