TVN ID | TVN-202107003 |
---|---|
CVE ID | CVE-2021-35962 |
CVSS | 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products | Door Access Control to ver. 3.3.2Personnel Attendance system prior to ver. 3.3.0.5.06_20180522 |
Description | Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. |
Solution | Update to:Personnel Attendance system ver. 3.4.0.0.3.12_20210525 |
Credit | Tony Kuo (CHT Security) |
Public Date | 2021-07-15 |