Description
Specific page parameters in the Dr. ID Door Access Control and Personnel Attendance Management system do not filter special characters. Remote attackers can use path traversal to download credential files from the system without permission.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054
Scores
CVSS v3
7.5
EPSS
0.0178
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
secom/door_access_control
< 3.3.2
secom/personnel_attendance_system
< 3.4.0.0.3.12_20210525
Published
Jul 16, 2021
Tracked Since
Feb 18, 2026