CVE-2020-3933

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
twcertCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
secomdr.id_access_control
𝑥
< 3.3.2
secomdr.id_attendance_system
𝑥
< 3.3.0.3_20160517
𝑥
= Vulnerable software versions
References
https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac
https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html
https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac
https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html