CVE-2021-35962

Summary

Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.

Affected Software

VendorProductVersion RangeStatus
TAIWAN SECOM CO., LTD.,Door Access Control and Personnel Attendance Management systemunspecified <= 3.3.2affected
TAIWAN SECOM CO., LTD.,Door Access Control and Personnel Attendance Management systemunspecified <= 3.4.0.0.3.12_20210525affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References