Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
References
Link | Resource |
---|---|
https://www.chtsecurity.com/news/d7ec2db9-12dd-439f-b014-b956ce231054 | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-4906-89381-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-07-15T00:00:00
Updated: 2021-07-16T15:20:35
Reserved: 2021-06-30T00:00:00
Link: CVE-2021-35962
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-16T16:15:11.023
Modified: 2021-08-02T17:33:23.063
Link: CVE-2021-35962
JSON object: View
Redhat Information
No data.
CWE