TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system

TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials

TVN ID	TVN-202107002
CVE ID	CVE-2021-35961
CVSS	9.8(Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products	Personnel Attendance system prior to ver. 3.4.0.0.3.12_20210525
Description	Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.
Solution	Update to: Personnel Attendance system ver. 3.4.0.0.3.12_20210525
Credit	Tony Kuo (CHT Security)
Public Date	2021-07-15

TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials