CVE-2020-3933

TAIWAN SECOM CO., LTD. - User Account Enumeration

Description

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system.

Remediation

Solution:

  • Update to: Door Access Control system ver. 3.5.4 Personnel Attendance system prior to ver. 3.4.0.0.3.05_20191112
5.3
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.46%
Third-Party Advisory github.com Third-Party Advisory chtsecurity.com Third-Party Advisory org.tw
Affected: TAIWAN SECOM CO., LTD. Door Access Control system
Affected: TAIWAN SECOM CO., LTD. Personnel Attendance system
Published at:
Updated at:

References

Link Tags
https://www.twcert.org.tw/en/cp-139-3317-d4edc-2.html third party advisory
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac third party advisory
https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-3933?
CVE-2020-3933 has been scored as a medium severity vulnerability.
How to fix CVE-2020-3933?
To fix CVE-2020-3933: Update to: Door Access Control system ver. 3.5.4 Personnel Attendance system prior to ver. 3.4.0.0.3.05_20191112
Is CVE-2020-3933 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-3933 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-3933?
CVE-2020-3933 affects TAIWAN SECOM CO., LTD. Door Access Control system, TAIWAN SECOM CO., LTD. Personnel Attendance system.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.