Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for dr.id_access_control by secom
CVE-2024-7731 (GCVE-0-2024-7731)
Vulnerability from nvd – Published: 2024-08-14 06:30 – Updated: 2024-08-14 13:23
VLAI
EPSS
VEX
Title
SECOM Dr.ID Access control system - SQL injection
Summary
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8005-c3c94-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SECOM | Dr.ID Access control system |
Affected:
0 , < 3.6.3
(custom)
|
|
| secom | dr.id_access_control |
Affected:
0 , < 3.6.3
(custom)
cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:* |
Date Public
2024-08-14 05:50
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dr.id_access_control",
"vendor": "secom",
"versions": [
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:22:17.990182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:23:19.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dr.ID Access control system",
"vendor": "SECOM",
"versions": [
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-14T05:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.\u003c/span\u003e"
}
],
"value": "Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T06:30:58.938Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8005-c3c94-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Dr.ID Access Control System to version 3.6.3 or later."
}
],
"value": "Update Dr.ID Access Control System to version 3.6.3 or later."
}
],
"source": {
"advisory": "TVN-202408005",
"discovery": "EXTERNAL"
},
"title": "SECOM Dr.ID Access control system - SQL injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7731",
"datePublished": "2024-08-14T06:30:58.938Z",
"dateReserved": "2024-08-13T09:59:40.403Z",
"dateUpdated": "2024-08-14T13:23:19.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26671 (GCVE-0-2022-26671)
Vulnerability from nvd – Published: 2022-04-07 18:22 – Updated: 2024-09-17 00:31
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials
Summary
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
Severity
7.3 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Personnel Attendance Management system |
Affected:
3.4.0.0.3.11
|
Date Public
2022-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"status": "affected",
"version": "3.4.0.0.3.11"
}
]
}
],
"datePublic": "2022-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:22:40.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Personnel Attendance system to v3.4.0.0.3.13_20211214"
}
],
"source": {
"advisory": "TVN-202203004",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-03-31T02:30:00.000Z",
"ID": "CVE-2022-26671",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personnel Attendance Management system",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.4.0.0.3.11"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Personnel Attendance system to v3.4.0.0.3.13_20211214"
}
],
"source": {
"advisory": "TVN-202203004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26671",
"datePublished": "2022-04-07T18:22:40.988Z",
"dateReserved": "2022-03-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:07.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35961 (GCVE-0-2021-35961)
Vulnerability from nvd – Published: 2021-07-16 15:20 – Updated: 2024-09-17 01:16
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials
Summary
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
Severity
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/2e4e69d5-2e32-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:34.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35961",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"name": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35961",
"datePublished": "2021-07-16T15:20:34.752Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3935 (GCVE-0-2020-3935)
Vulnerability from nvd – Published: 2020-02-11 08:00 – Updated: 2024-09-16 22:19
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. – Sensitivity Information Exposure
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
Severity
7.5 (High)
CWE
- Sensitivity Information Exposure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
| https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users\u2019 information by cleartext in the cookie, which divulges password to attackers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitivity Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. \u2013 Sensitivity Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3935",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. \u2013 Sensitivity Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users\u2019 information by cleartext in the cookie, which divulges password to attackers."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitivity Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"name": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3935",
"datePublished": "2020-02-11T08:00:30.076Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:19:57.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3933 (GCVE-0-2020-3933)
Vulnerability from nvd – Published: 2020-02-11 08:00 – Updated: 2024-09-17 03:23
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. - User Account Enumeration
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
Severity
5.3 (Medium)
CWE
- User Account Enumeration
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Account Enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. - User Account Enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3933",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. - User Account Enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Account Enumeration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3933",
"datePublished": "2020-02-11T08:00:29.196Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:23:28.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3934 (GCVE-0-2020-3934)
Vulnerability from nvd – Published: 2020-02-11 08:00 – Updated: 2024-09-17 01:45
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
Severity
9.8 (Critical)
CWE
- Pre-auth SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
| https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pre-auth SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3934",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pre-auth SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"name": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3934",
"datePublished": "2020-02-11T08:00:29.639Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:45.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7731 (GCVE-0-2024-7731)
Vulnerability from cvelistv5 – Published: 2024-08-14 06:30 – Updated: 2024-08-14 13:23
VLAI
EPSS
VEX
Title
SECOM Dr.ID Access control system - SQL injection
Summary
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8005-c3c94-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SECOM | Dr.ID Access control system |
Affected:
0 , < 3.6.3
(custom)
|
|
| secom | dr.id_access_control |
Affected:
0 , < 3.6.3
(custom)
cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:* |
Date Public
2024-08-14 05:50
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dr.id_access_control",
"vendor": "secom",
"versions": [
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:22:17.990182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:23:19.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dr.ID Access control system",
"vendor": "SECOM",
"versions": [
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-14T05:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.\u003c/span\u003e"
}
],
"value": "Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T06:30:58.938Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8005-c3c94-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Dr.ID Access Control System to version 3.6.3 or later."
}
],
"value": "Update Dr.ID Access Control System to version 3.6.3 or later."
}
],
"source": {
"advisory": "TVN-202408005",
"discovery": "EXTERNAL"
},
"title": "SECOM Dr.ID Access control system - SQL injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7731",
"datePublished": "2024-08-14T06:30:58.938Z",
"dateReserved": "2024-08-13T09:59:40.403Z",
"dateUpdated": "2024-08-14T13:23:19.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26671 (GCVE-0-2022-26671)
Vulnerability from cvelistv5 – Published: 2022-04-07 18:22 – Updated: 2024-09-17 00:31
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials
Summary
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
Severity
7.3 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Personnel Attendance Management system |
Affected:
3.4.0.0.3.11
|
Date Public
2022-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"status": "affected",
"version": "3.4.0.0.3.11"
}
]
}
],
"datePublic": "2022-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:22:40.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Personnel Attendance system to v3.4.0.0.3.13_20211214"
}
],
"source": {
"advisory": "TVN-202203004",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-03-31T02:30:00.000Z",
"ID": "CVE-2022-26671",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Personnel Attendance Management system",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.4.0.0.3.11"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Personnel Attendance system to v3.4.0.0.3.13_20211214"
}
],
"source": {
"advisory": "TVN-202203004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26671",
"datePublished": "2022-04-07T18:22:40.988Z",
"dateReserved": "2022-03-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:31:07.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35961 (GCVE-0-2021-35961)
Vulnerability from cvelistv5 – Published: 2021-07-16 15:20 – Updated: 2024-09-17 01:16
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials
Summary
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
Severity
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/2e4e69d5-2e32-4f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system |
Affected:
unspecified , ≤ 3.4.0.0.3.12_20210525
(custom)
|
Date Public
2021-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Personnel Attendance system"
],
"product": "Door Access Control and Personnel Attendance Management system",
"vendor": "TAIWAN SECOM CO., LTD.,",
"versions": [
{
"lessThanOrEqual": "3.4.0.0.3.12_20210525",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T15:20:34.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
},
"title": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-15T11:19:00.000Z",
"ID": "CVE-2021-35961",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control and Personnel Attendance Management system",
"version": {
"version_data": [
{
"platform": "Personnel Attendance system",
"version_affected": "\u003c=",
"version_value": "3.4.0.0.3.12_20210525"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD.,"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html"
},
{
"name": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nPersonnel Attendance system ver. 3.4.0.0.3.12_20210525"
}
],
"source": {
"advisory": "TVN-202107002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-35961",
"datePublished": "2021-07-16T15:20:34.752Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3935 (GCVE-0-2020-3935)
Vulnerability from cvelistv5 – Published: 2020-02-11 08:00 – Updated: 2024-09-16 22:19
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. – Sensitivity Information Exposure
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
Severity
7.5 (High)
CWE
- Sensitivity Information Exposure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
| https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users\u2019 information by cleartext in the cookie, which divulges password to attackers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitivity Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. \u2013 Sensitivity Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3935",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. \u2013 Sensitivity Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users\u2019 information by cleartext in the cookie, which divulges password to attackers."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitivity Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"name": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3935",
"datePublished": "2020-02-11T08:00:30.076Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:19:57.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3934 (GCVE-0-2020-3934)
Vulnerability from cvelistv5 – Published: 2020-02-11 08:00 – Updated: 2024-09-17 01:45
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
Severity
9.8 (Critical)
CWE
- Pre-auth SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
| https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pre-auth SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3934",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pre-auth SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
},
{
"name": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3934",
"datePublished": "2020-02-11T08:00:29.639Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:45.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3933 (GCVE-0-2020-3933)
Vulnerability from cvelistv5 – Published: 2020-02-11 08:00 – Updated: 2024-09-17 03:23
VLAI
EPSS
VEX
Title
TAIWAN SECOM CO., LTD. - User Account Enumeration
Summary
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
Severity
5.3 (Medium)
CWE
- User Account Enumeration
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html | x_refsource_MISC |
| https://www.chtsecurity.com/news/1bb85fcd-9048-45… | x_refsource_MISC |
| https://gist.github.com/chtsecurity/4db471b34c395… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TAIWAN SECOM CO., LTD. | Door Access Control system |
Affected:
0 , ≤ 3.3.2
(custom)
|
|
| TAIWAN SECOM CO., LTD. | Personnel Attendance system |
Affected:
0 , ≤ 3.3.0.3_20160517
(custom)
|
Date Public
2020-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "Personnel Attendance system",
"vendor": "TAIWAN SECOM CO., LTD.",
"versions": [
{
"lessThanOrEqual": "3.3.0.3_20160517",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Account Enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T12:12:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TAIWAN SECOM CO., LTD. - User Account Enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-11T03:59:00.000Z",
"ID": "CVE-2020-3933",
"STATE": "PUBLIC",
"TITLE": "TAIWAN SECOM CO., LTD. - User Account Enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.2"
}
]
}
},
{
"product_name": "Personnel Attendance system",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "3.3.0.3_20160517"
}
]
}
}
]
},
"vendor_name": "TAIWAN SECOM CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Account Enumeration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html"
},
{
"name": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac"
},
{
"name": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b",
"refsource": "MISC",
"url": "https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to:\nDoor Access Control system ver. 3.5.4\nPersonnel Attendance system prior to ver. 3.4.0.0.3.05_20191112"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3933",
"datePublished": "2020-02-11T08:00:29.196Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:23:28.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}