CVE-2021-35962

TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal

CVSS 7.5 HIGHEPSS 1.8%CWE-22

Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

TAIWAN SECOM CO., LTD., · Door Access Control and Personnel Attendance Management system

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html