Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SECOM

Source -

CNA

BOS Name -

N/A

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2024-10119
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.98%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 04:09
Updated-01 Nov, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SECOM WRTM326 - OS Command Injection

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.

Action-Not Available
Vendor-SECOMsecomZTE Corporation
Product-wrtm326wrtm326_firmwareWRTM326wrtm326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-10118
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.70%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 04:03
Updated-18 Oct, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SECOM WRTR-304GN-304TW-UPSC - OS Command Injection

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Action-Not Available
Vendor-SECOMsecom
Product-WRTR-304GN-304TW-UPSCwrtr-304gn-304tw-upsc_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7732
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 74.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 06:55
Updated-03 Oct, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SECOM Dr.ID Attendance system - Unrestricted File Upload

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Action-Not Available
Vendor-secomSECOMsecom
Product-dr.id_attendance_systemDr.ID Attendance systemdr.id_attendance_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7731
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 74.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 06:30
Updated-22 Aug, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SECOM Dr.ID Access control system - SQL injection

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

Action-Not Available
Vendor-secomSECOMsecom
Product-dr.id_access_controlDr.ID Access control systemdr.id_access_control
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')