cvelist / Twcert / CVELIST:CVE-2022-26671
History: Apr 07, 2022 - 6:22 p.m.

CVE-2022-26671 TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials

2022-04-07 18:22:40
CWE-798
twcert
www.cve.org
taiwan secom
dr.id access control
hard-coded credentials
vulnerability
remote attacker
service disruption

CVSS3: 7.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 7.2
Confidence: High

EPSS: 0.002
Percentile: 51.4%

The login page of the Taiwan Secom Dr.ID Access Control system has a hard-coded credential in its source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings, causing partial disruption of service.

CNA Affected

[
  {
    "product": "Personnel Attendance Management system",
    "vendor": "TAIWAN SECOM CO., LTD.,",
    "versions": [
      {
        "status": "affected",
        "version": "3.4.0.0.3.11"
      }
    ]
  }
]
