TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal
CVE-2021-35962

7.5HIGH

Key Information:

Vendor: Taiwan Secom Co., Ltd.,
Status: Door Access Control And Personnel Attendance Management System
Vendor: CVE Published:; 15 July 2021

Summary

Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.

Affected Version(s)

Door Access Control and Personnel Attendance Management system Door Access Control <= 3.3.2

Door Access Control and Personnel Attendance Management system Personnel Attendance system <= 3.4.0.0.3.12_20210525

References

https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html

x_refsource_MISC

https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2021
Vulnerability Reserved
Jun 30, 2021