Vulnerability Description
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secom | Dr.Id Access Control | < 3.3.2 |
| Secom | Dr.Id Attendance System | < 3.3.0.3_20160517 |
Related Weaknesses (CWE)
References
- https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760bThird Party Advisory
- https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bacThird Party Advisory
- https://www.twcert.org.tw/en/cp-139-3318-89f76-2.htmlThird Party Advisory
- https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760bThird Party Advisory
- https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bacThird Party Advisory
- https://www.twcert.org.tw/en/cp-139-3318-89f76-2.htmlThird Party Advisory
FAQ
What is CVE-2020-3934?
CVE-2020-3934 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
How severe is CVE-2020-3934?
CVE-2020-3934 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-3934?
Check the references section above for vendor advisories and patch information. Affected products include: Secom Dr.Id Access Control, Secom Dr.Id Attendance System.