CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Door Access Control and Personnel Attendance Management System
The Vulnerability Report of Door Access Control and Personnel Attendance Management System
Attackers could use the vulnerabilities below to infiltrate enterprise networks and collect employee accounts and passwords.
Summary
1. [CVE-2020-3933]
Current Description
A Door Access Control and Personnel Attendance Management system allows attackers to enumerate and examine user accounts in the system.
2. [CVE-2020-3934]
Current Description
A Door Access Control and Personnel Attendance Management system contains a pre-auth SQL injection vulnerability, allowing attackers to inject a specific SQL command.
Source: MITRE
3. [CVE-2020-3935]
Current Description
A Door Access Control and Personnel Attendance Management system stores users’ information in cleartext in the cookie, which divulges passwords to attackers.
Source: MITRE
Update to 門禁 (Access control) Ver 3.5.4 and 考勤 (Attendance) Ver 3.4.0.0.3.05_20191112.
Credit
Hans (CHT Security)