ID

VAR-201803-2356


TITLE

Information leak in iClock series of Central Control Attendance Management System

Trust: 0.6

sources: CNVD: CNVD-2018-03852

DESCRIPTION

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. An information disclosure vulnerability exists in the iClock series of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2018-03852

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03852

AFFECTED PRODUCTS

vendor:taike electronicmodel:iclock seriesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-03852

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-03852
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2018-03852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-03852

PATCH

title:Information leak in China Central Attendance Management Systemurl:https://www.cnvd.org.cn/patchinfo/show/116203

Trust: 0.6

sources: CNVD: CNVD-2018-03852

EXTERNAL IDS

db:CNVDid:CNVD-2018-03852

Trust: 0.6

sources: CNVD: CNVD-2018-03852

SOURCES

db:CNVDid:CNVD-2018-03852

LAST UPDATE DATE

2022-05-04T09:22:57.509000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-03852date:2018-02-28T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-03852date:2018-03-26T00:00:00