本ページは secom dr.id_access_control に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-7731 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | [email protected] | 9.8 | 1.33% | 2024-08-14 | 2024-08-22 |
| CVE-2022-26671 | Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service. | [email protected] | 7.3 | 0.65% | 2022-04-07 | 2024-11-21 |
| CVE-2021-35961 | Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | [email protected] | 9.8 | 1.58% | 2021-07-16 | 2024-11-21 |
| CVE-2020-3935 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | [email protected] | 7.5 | 0.15% | 2020-02-11 | 2024-11-21 |
| CVE-2020-3934 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. | [email protected] | 9.8 | 0.38% | 2020-02-11 | 2024-11-21 |
| CVE-2020-3933 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system. | [email protected] | 5.3 | 0.46% | 2020-02-11 | 2024-11-21 |