← back
CVE-2021-35962

TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal

CVSS 7.5 HIGHEPSS 1.8%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
TAIWAN SECOM CO., LTD., · Door Access Control and Personnel Attendance Management system

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html