PT-2022-18000 · Taiwan Secom Co. · Taiwan Secom Dr.Id Access Control System

Annie Huang

Published

2022-04-07

Updated

2022-04-14

CVE-2022-26671

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Taiwan Secom Dr.ID Access Control system (affected versions not specified)

Description The Taiwan Secom Dr.ID Access Control system's login page contains a hard-coded credential in the source code. This allows an unauthenticated remote attacker to use the credential and acquire partial system information. The attacker can also modify system settings, causing partial disruption of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-26671

Affected Products

Taiwan Secom Dr.Id Access Control System

PT-2022-18000 · Taiwan Secom Co. · Taiwan Secom Dr.Id Access Control System

CVE-2022-26671

Weakness Enumeration

Related Identifiers

Affected Products

References · 6