[Vulnerability Alert] Two Critical Security Vulnerabilities Found in HONDING Technology Smart Parking Management System

publish date : 2025-06-19 update date : 2025-06-19

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2025061004064747	Publication Time	2025/06/10 16:08
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/06/10 16:08
Impact Level	Low
[Subject] [Vulnerability Alert] Two Critical Security Vulnerabilities Found in HONDING Technology Smart Parking Management System
[Content] Forwarded from TWCERTCC-200-202506-00000004 [HONDING Technology Smart Parking Management System – Exposure of Sensitive Information] (CVE-2025-5893, CVSS: 9.8) A vulnerability in the system allows unauthenticated remote attackers to access specific pages and retrieve plaintext administrator credentials. [HONDING Technology Smart Parking Management System – Missing Authorization] (CVE-2025-5894, CVSS: 8.8) A vulnerability allows authenticated remote attackers with standard privileges to access specific functions and create administrator accounts, which can then be used to log into the system. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Smart Parking Management System version 1.0 to 1.4
[Recommended Actions] Update to version 1.5 or later.
[Reference] https://www.twcert.org.tw/tw/cp-132-10167-39c6d-1.html https://www.twcert.org.tw/tw/cp-132-10170-e2435-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share