Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Secom Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26671 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2022-04-14 7.5 HIGH 7.3 HIGH
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
CVE-2020-3934 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2022-01-01 7.5 HIGH 9.8 CRITICAL
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
CVE-2020-3933 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2022-01-01 5.0 MEDIUM 5.3 MEDIUM
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
CVE-2020-3935 1 Secom 2 Dr.id Access Control, Dr.id Attendance System 2021-12-22 5.0 MEDIUM 7.5 HIGH
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
CVE-2021-35961 1 Secom 1 Dr.id Access Control 2021-08-02 10.0 HIGH 9.8 CRITICAL
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
CVE-2021-35962 1 Secom 2 Door Access Control, Personnel Attendance System 2021-08-02 5.0 MEDIUM 7.5 HIGH
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.