Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
References
Link | Resource |
---|---|
https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | Third Party Advisory |
https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html - Third Party Advisory |
02 Aug 2021, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 - Third Party Advisory | |
References | (MISC) https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html - Third Party Advisory | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:secom:personnel_attendance_system:*:*:*:*:*:*:*:* cpe:2.3:a:secom:door_access_control:*:*:*:*:*:*:*:* |
16 Jul 2021, 16:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-16 16:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35962
Mitre link : CVE-2021-35962
CVE.ORG link : CVE-2021-35962
JSON object : View
Products Affected
secom
- door_access_control
- personnel_attendance_system
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')