Search criteria
2 vulnerabilities found for door_access_control by secom
CVE-2021-35962 (GCVE-0-2021-35962)
Vulnerability from nvd – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
Summary
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/d7ec2db9-12dd-43… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Door Access Control"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:35.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35962",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Door Access Control",
"version_affected": "\u003c=",
"version_value": "3.3.2"
},
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35962",
"datePublished": "2021-07-16T15:20:35.841Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35962 (GCVE-0-2021-35962)
Vulnerability from cvelistv5 – Published: 2021-07-16 15:20 – Updated: 2024-09-16 17:44
VLAI?
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
Summary
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/d7ec2db9-12dd-43… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public ?
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Door Access Control"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:35.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35962",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Door Access Control",
"version_affected": "\u003c=",
"version_value": "3.3.2"
},
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html"
},
{
"name": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35962",
"datePublished": "2021-07-16T15:20:35.841Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:44:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}