CVE-2021-35962
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system | unspecified <= 3.3.2 | affected |
| TAIWAN SECOM CO., LTD., | Door Access Control and Personnel Attendance Management system | unspecified <= 3.4.0.0.3.12_20210525 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html
- https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054
References
- https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html
- https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.