CVE-2024-7731

9.8 CRITICAL

📋 TL;DR

This critical SQL injection vulnerability in SECOM's Dr.ID Access Control System stems from a specific page parameter that is not properly validated, allowing unauthenticated remote attackers to inject arbitrary SQL commands. An attacker can read, modify, or delete database contents, which in an access control system typically means user and credential records, access permissions, access logs, and system configuration. Every organization running an unpatched Dr.ID Access Control System is affected.

💻 Affected Systems

Products:
  • SECOM Dr.ID Access Control System
Versions: Not specified in the TWCERT advisory; treat every unpatched deployment as affected until SECOM confirms otherwise
Operating Systems: Not specified in the references
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is missing input validation on a specific page parameter of the web interface; the advisory does not name the page or the parameter. No special configuration is required, so a default installation is exploitable.

📦 What is this software?

From the references, Dr.ID Access Control System is a SECOM physical access control product (badge and door entry management) administered through a web interface backed by a database of user records, access permissions, and access logs. The injection is in that web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: attackers gain administrative access, disable or alter physical security controls (doors, permissions, audit logs), exfiltrate sensitive data, and potentially pivot from the Dr.ID host to other network systems.

🟠 Likely Case

Data theft and system manipulation: attackers steal user credentials and access logs, and modify access permissions to bypass physical security.

🟢 If Mitigated

Limited impact if the Dr.ID web interface is reachable only from a segmented management network and a web application firewall filters SQL injection attempts before they reach it. Note that WAF rules reduce exposure but can be bypassed; the flaw is only closed by the vendor patch.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ❌ None known
Weaponized: Not confirmed; no in-the-wild exploitation is reported in the references
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection is routinely found and exploited with automated tools (sqlmap and similar scanners) once the affected parameter is known. The unauthenticated, network-reachable nature of this flaw makes it particularly dangerous.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in the referenced advisory; obtain the current release from SECOM

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html

Restart Required: Not stated by the vendor; plan for a restart of the Dr.ID system after patching

Instructions:

1. Contact SECOM for the security patch for CVE-2024-7731.
2. Apply the patch following the vendor's instructions, on a test unit first where possible.
3. Restart the Dr.ID system (or the services the vendor names).
4. Verify the fix by retesting the affected parameter (see How to Verify) and confirming the installed version with SECOM.

🔧 Temporary Workarounds

Web Application Firewall (platform: all)

Deploy a WAF with SQL injection rules in front of the Dr.ID web interface to block malicious requests. Treat this as a stopgap: signature-based rules can be bypassed with encoding and syntax variations, so it lowers exposure but does not close the flaw.

Network Segmentation (platform: all)

Isolate Dr.ID systems from the internet and restrict access to the management interface to authorized IPs only.

🧯 If You Can't Patch

  • Immediately isolate the Dr.ID system from internet access and restrict it to an internal management network reachable only by authorized hosts
  • Put a reverse proxy or WAF in front of the web interface and allow-list the expected parameters and value formats (for example, numeric identifiers only), rejecting anything else
  • Monitor the web server and application logs for the indicators listed under Detection & Monitoring

🔍 How to Verify

Check if Vulnerable:

The advisory does not name the affected page or parameter, so obtain it from SECOM. On a system you are authorized to test, send SQL injection payloads (e.g., ' OR '1'='1) in that parameter and watch for database errors or unexpected responses. A differential check is more reliable than watching for errors alone: compare the response to a benign value against an injected always-true condition and an always-false one; a vulnerable backend answers the always-true payload exactly like the benign request and the always-false one differently.

Check Version:

Check system web interface or contact SECOM for version information

Verify Fix Applied:

After patching, retest with the same SQL injection payloads: they should be treated as literal data (no change in the returned records) or rejected outright, and an always-true payload should no longer reproduce the benign response. Confirm the installed version with SECOM as well.
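The boolean-based differential check described above, as an added example that is not from the page or from SECOM. The page and parameter names are placeholders (the advisory does not publish them), and the two backends are constructed stand-ins built on an in-memory SQLite table so the check runs offline: one splices the parameter into SQL by string concatenation, the other binds it. The same `probe` function works against a real target once `send` is implemented with an HTTP client.

```python
import sqlite3

# Hypothetical names: the TWCERT advisory does not publish which Dr.ID page or
# parameter is affected. Replace these with the values SECOM identifies.
PAGE = "/some_page"
PARAM = "id"


def probe(send, base_value="1"):
    """Boolean-based differential check for SQL injection in PARAM.

    `send(path, params)` performs one request and returns a comparable
    response (status, normalised body). Three requests are made: the benign
    value, an injected condition that is always TRUE, and one that is always
    FALSE. If the backend splices the value into SQL, TRUE gives the same
    result as the benign request and FALSE gives a different one. A
    parameterised (or input-rejecting) backend treats both payloads alike,
    so TRUE and FALSE look identical. Pick a base_value that returns data;
    otherwise all three responses coincide and the test is inconclusive.
    """
    benign = send(PAGE, {PARAM: base_value})
    always_true = send(PAGE, {PARAM: base_value + "' AND '1'='1"})
    always_false = send(PAGE, {PARAM: base_value + "' AND '1'='2"})
    if benign == always_true and always_true != always_false:
        return "likely vulnerable"
    if benign != always_true and always_true == always_false:
        return "not vulnerable by this test"
    return "inconclusive"


# --- Constructed stand-ins for a real target so the check runs offline. ---

def make_db():
    """In-memory table standing in for the appliance's user store (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id TEXT, name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("1", "alice"), ("2", "bob")])
    return con


def vulnerable_send(con):
    """Backend that builds SQL by string concatenation (the bug class in the advisory)."""
    def send(path, params):
        sql = "SELECT name FROM users WHERE id = '%s'" % params[PARAM]
        try:
            return 200, repr(con.execute(sql).fetchall())
        except sqlite3.Error as exc:
            return 500, "database error: %s" % exc
    return send


def fixed_send(con):
    """Backend that binds the value: the quote is data, not SQL syntax."""
    def send(path, params):
        rows = con.execute("SELECT name FROM users WHERE id = ?", (params[PARAM],)).fetchall()
        return 200, repr(rows)
    return send


if __name__ == "__main__":
    print("vulnerable backend:", probe(vulnerable_send(make_db())))
    print("patched backend:   ", probe(fixed_send(make_db())))
```

Against a real system, implement `send` with an HTTP client, for example `r = requests.get(base_url + path, params=params, timeout=10)` returning `(r.status_code, normalise(r.text))`, where `normalise` strips per-request values such as CSRF tokens and timestamps so that otherwise identical pages compare equal. Run it only against systems you are authorized to test.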

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax in request parameters in the web server logs: quotes, OR/AND tautologies, UNION SELECT, comment sequences (--, #, /*). Payloads usually arrive percent-encoded (' as %27, space as %20), so decode before matching
  • One source IP sending many rapid variations of the same request to the Dr.ID web interface, the signature of an automated scanner such as sqlmap
  • Database error messages in application logs, or a spike in HTTP 500 responses from the web interface

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.) or quote-and-comment sequences in parameters sent to Dr.ID endpoints
  • Unexpected connections from the Dr.ID host to other internal systems, which would indicate post-compromise pivoting

SIEM Query:

source="web_logs" AND host="drid-*" AND (uri_query="*UNION*SELECT*" OR uri_query="*' OR '*" OR uri_query="*'%20OR%20'*" OR uri_query="*--*")

The field names (source, host, uri_query) are placeholders for your SIEM's schema. The advisory does not name the affected parameter, so do not restrict the match to a particular parameter; apply it to every query-string parameter sent to Dr.ID hosts, and match on the decoded query string where your platform supports it, since payloads are usually percent-encoded.
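The detection logic above run over web server access logs, as an added example that is not from the page or from SECOM. It parses combined-format log lines, decodes each query-string parameter, and matches the decoded value against the payload patterns listed under Log Indicators; the log lines are constructed for the example and include a benign request whose text contains the word "select", to show that matching decoded parameter values rather than raw URL substrings avoids that false positive.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real Dr.ID traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2024:09:14:01 +0800] "GET /login.php?user=alice HTTP/1.1" 200 512
10.0.0.9 - - [12/Aug/2024:09:14:07 +0800] "GET /login.php?user=alice%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8190
10.0.0.9 - - [12/Aug/2024:09:14:09 +0800] "GET /report.php?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 220
10.0.0.7 - - [12/Aug/2024:09:15:00 +0800] "GET /help.php?topic=select%20a%20door HTTP/1.1" 200 3000
10.0.0.9 - - [12/Aug/2024:09:15:30 +0800] "POST /login.php HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Patterns checked against each *decoded* parameter value. Decoding first matters:
# a substring match on the raw URL misses %27 / %20 encoded payloads.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s*'?\w*'?\s*=", re.I),        # ' OR '1'='1 style tautologies
    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),         # UNION ... SELECT
    re.compile(r"(--|#|/\*)\s*$"),                            # trailing comment cutting the query
    re.compile(r";\s*(drop|delete|update|insert)\b", re.I),  # stacked statements
    re.compile(r"\b(sleep|benchmark|waitfor)\s*\(", re.I),   # time-based probes
]


def sqli_findings(line):
    """Return (ip, path, param, pattern_index) for each suspicious parameter in one line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    hits = []
    # parse_qs percent-decodes values, so the patterns see the attacker's real payload.
    for param, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            for idx, pattern in enumerate(SQLI_PATTERNS):
                if pattern.search(value):
                    hits.append((m.group("ip"), parts.path, param, idx))
                    break  # one finding per parameter value is enough
    return hits


def scan(log_text):
    """Scan a whole log and return all findings in line order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(sqli_findings(line))
    return findings


def suspicious_sources(log_text, threshold=1):
    """Aggregate findings per source IP; raise threshold to suppress one-off noise."""
    counts = {}
    for ip, _path, _param, _idx in scan(log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("SQLi pattern %d in %s param %r from %s" % (finding[3], finding[1], finding[2], finding[0]))
    print("sources:", suspicious_sources(SAMPLE_LOG))
```

Access logs record only the query string, so injection in POST bodies is invisible here; for that, enable request-body logging on the reverse proxy or WAF in front of Dr.ID and feed those records to the same patterns.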

🔗 References

  • TWCERT advisory: https://www.twcert.org.tw/en/cp-139-8006-036f5-2.html