Lucene search

TwcertCVELIST:CVE-2021-35961

HistoryJul 16, 2021 - 3:20 p.m.

CVE-2021-35961 TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials

2021-07-1615:20:34

CWE-798

twcert

www.cve.org

taiwan secom

limited access

default password

highest permission

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.

CNA Affected

[
  {
    "platforms": [
      "Personnel Attendance system"
    ],
    "product": "Door Access Control and Personnel Attendance Management system",
    "vendor": "TAIWAN SECOM CO., LTD.,",
    "versions": [
      {
        "lessThanOrEqual": "3.4.0.0.3.12_20210525",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.chtsecurity.com/news/2e4e69d5-2e32-4f73-ac7e-a66432e020e4

www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for CVELIST:CVE-2021-35961