Secom Dr.Id Access Control vulnerabilities
6 known vulnerabilities affecting secom/dr.id_access_control.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-35961P2CRITICALCVSS 9.8fixed in 3.4.0.0.3.12_202105252021-07-16
CVE-2021-35961 [CRITICAL] CWE-798 CVE-2021-35961: Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin defau
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
nvd
CVE-2024-7731P2CRITICALCVSS 9.8fixed in 3.6.32024-08-14
CVE-2024-7731 [CRITICAL] CWE-89 CVE-2024-7731: Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowin
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
nvd
CVE-2020-3934P3CRITICALCVSS 9.8fixed in 3.3.22020-02-11
CVE-2020-3934 [CRITICAL] CWE-89 CVE-2020-3934: TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
nvd
CVE-2022-26671P3HIGHCVSS 7.3v3.3.22022-04-07
CVE-2022-26671 [HIGH] CWE-798 CVE-2022-26671: Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
nvd
CVE-2020-3935P3HIGHCVSS 7.5v3.3.22020-02-11
CVE-2020-3935 [HIGH] CWE-312 CVE-2020-3935: TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores use
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
nvd
CVE-2020-3933P4MEDIUMCVSS 5.3fixed in 3.3.22020-02-11
CVE-2020-3933 [MEDIUM] CVE-2020-3933: TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows att
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
nvd