CVE-2020-3934

TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection

Description

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.

Remediation

Solution:

Update to: Door Access Control system ver. 3.5.4 Personnel Attendance system prior to ver. 3.4.0.0.3.05_20191112

References

Link	Tags
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac	third party advisory
https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b	third party advisory
https://www.twcert.org.tw/en/cp-139-3318-89f76-2.html	third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-3934?: CVE-2020-3934 has been scored as a critical severity vulnerability.
How to fix CVE-2020-3934?: To fix CVE-2020-3934: Update to: Door Access Control system ver. 3.5.4 Personnel Attendance system prior to ver. 3.4.0.0.3.05_20191112
Is CVE-2020-3934 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-3934 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-3934?: CVE-2020-3934 affects TAIWAN SECOM CO., LTD. Door Access Control system, TAIWAN SECOM CO., LTD. Personnel Attendance system.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions