Vulnerabilities > Secom

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-7731 SQL Injection vulnerability in Secom Dr.Id Access Control 3.3.2
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
network
low complexity
secom CWE-89
critical
 9.8
9.8
2024-08-14 CVE-2024-7732 SQL Injection vulnerability in Secom Dr.Id Attendance System 3.3.0.320160517/3.4.0.0.3.11
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
network
low complexity
secom CWE-89
critical
 9.8
9.8
2022-04-07 CVE-2022-26671 Use of Hard-coded Credentials vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code.
network
low complexity
secom CWE-798
7.3
7.3
2021-07-16 CVE-2021-35961 Use of Hard-coded Credentials vulnerability in Secom Dr.Id Access Control 3.3.2
Dr.
network
low complexity
secom CWE-798
critical
 9.8
9.8
2021-07-16 CVE-2021-35962 Path Traversal vulnerability in Secom Door Access Control and Personnel Attendance System
Specific page parameters in Dr.
network
low complexity
secom CWE-22
7.5
7.5
2020-02-11 CVE-2020-3935 Cleartext Storage of Sensitive Information vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
network
low complexity
secom CWE-312
7.5
7.5
2020-02-11 CVE-2020-3934 SQL Injection vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.
network
low complexity
secom CWE-89
critical
 9.8
9.8
2020-02-11 CVE-2020-3933 Unspecified vulnerability in Secom Dr.Id Access Control and Dr.Id Attendance System
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
network
low complexity
secom
5.3
5.3