TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials
CVE-2022-26671

7.3HIGH

Key Information:

Vendor: Taiwan Secom Co., Ltd.,
Status: Personnel Attendance Management System
Vendor: CVE Published:; 31 March 2022

Summary

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.

Affected Version(s)

Personnel Attendance Management system 3.4.0.0.3.11

References

https://www.twcert.org.tw/tw/cp-132-5971-b691f-1.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Mar 8, 2022