CVE-2021-35961

9.8 CRITICAL

📋 TL;DR

Dr. ID Door Access Control and Personnel Attendance Management systems have hardcoded default admin credentials, allowing remote attackers to gain full administrative access. This affects all systems using default configurations, potentially compromising physical security controls and sensitive personnel data.

💻 Affected Systems

Products:
  • Dr. ID Door Access Control and Personnel Attendance Management system
Versions: All versions with default configuration
Operating Systems: Embedded systems running the Dr. ID software
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where default admin credentials were not changed during deployment.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover allowing attackers to disable physical security, modify access logs, steal sensitive personnel data, and potentially pivot to other connected systems.

🟠 Likely Case

Unauthorized access to door control systems, attendance records theft, and potential physical security breaches at affected facilities.

🟢 If Mitigated

Limited impact if credentials were changed during initial setup, though systems remain vulnerable to credential guessing attacks.

🌐 Internet-Facing: HIGH - Systems exposed to internet are directly accessible to attackers worldwide with minimal effort.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to insider threats or compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires only knowledge of default credentials and network access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-4905-c99ac-1.html

Restart Required: No

Instructions:

1. Log into the Dr. ID system admin interface
2. Navigate to user management settings
3. Change the default admin password to a strong, unique password
4. Verify the new credentials work and old ones are disabled

🔧 Temporary Workarounds

Network Segmentation (all): Isolate Dr. ID systems from the internet and restrict internal network access

Access Control Lists (all): Implement firewall rules to restrict access to Dr. ID systems

🧯 If You Can't Patch

  • Immediately change all default admin passwords to strong, unique credentials
  • Implement network segmentation to isolate Dr. ID systems from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Attempt to log into the Dr. ID admin interface using default credentials (check vendor documentation for specifics)

Check Version:

Check system version through admin interface or device labeling

Verify Fix Applied:

Verify default credentials no longer work and only new strong credentials provide access

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful admin login
  • Admin login from unusual IP addresses or locations
  • Configuration changes from unexpected sources

Network Indicators:

  • Unusual traffic patterns to/from Dr. ID systems
  • Authentication requests to admin interfaces from external networks

SIEM Query:

source="dr-id-system" AND (event_type="authentication" AND result="success" AND user="admin")
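As an added example that is not part of this advisory, the log indicators above turned into detection logic run over constructed sample records. The key=value log format, the field names and the trusted management subnet are assumptions, not the Dr. ID product's actual log schema.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed key=value format (not real Dr. ID output).
SAMPLE_LOGS = """\
2021-07-01T08:00:01 source=dr-id-system event_type=authentication result=failure user=admin src_ip=203.0.113.7
2021-07-01T08:00:04 source=dr-id-system event_type=authentication result=failure user=admin src_ip=203.0.113.7
2021-07-01T08:00:09 source=dr-id-system event_type=authentication result=failure user=admin src_ip=203.0.113.7
2021-07-01T08:00:15 source=dr-id-system event_type=authentication result=success user=admin src_ip=203.0.113.7
2021-07-01T09:30:00 source=dr-id-system event_type=authentication result=success user=admin src_ip=10.0.5.12
2021-07-01T11:00:00 source=dr-id-system event_type=authentication result=success user=admin src_ip=198.51.100.20
"""

TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumed management subnet
FAIL_THRESHOLD = 3          # failures before a following success is suspicious
WINDOW = timedelta(minutes=5)


def parse(line):
    """Split '<timestamp> k=v k=v ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def find_alerts(log_text, trusted=TRUSTED_NETS, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (alert_type, src_ip, timestamp) tuples for the two log indicators."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failed admin logins
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        if r.get("event_type") != "authentication" or r.get("user") != "admin":
            continue
        ip = r["src_ip"]
        if r["result"] == "failure":
            failures[ip].append(r["ts"])
            continue
        # Successful admin login: check for a preceding burst of failures from the same source.
        recent = [t for t in failures[ip] if r["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append(("brute_force_then_success", ip, r["ts"].isoformat()))
        failures[ip] = []
        # Successful admin login from outside the trusted management subnet.
        if not any(ipaddress.ip_address(ip) in net for net in trusted):
            alerts.append(("admin_login_untrusted_source", ip, r["ts"].isoformat()))
    return alerts
```

Running `find_alerts(SAMPLE_LOGS)` on the constructed data yields three alerts: a failed-burst-then-success and an untrusted-source alert for 203.0.113.7, and an untrusted-source alert for 198.51.100.20.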
