Dr.Id Access Control Security Vulnerabilities
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
5.3CVSS
5.2AI Score
0.001EPSS
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
9.8CVSS
9.5AI Score
0.002EPSS
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores usersβ information by cleartext in the cookie, which divulges password to attackers.
7.5CVSS
7.4AI Score
0.001EPSS
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
9.8CVSS
9.5AI Score
0.004EPSS
Taiwan Secom Dr.ID Access Control systemβs login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.
7.3CVSS
6.9AI Score
0.002EPSS