【Vulnerability Alert】Hongding Technology Smart Parking Management System Has 2 Major Security Vulnerabilities

• Subject: 【Vulnerability Alert】Hongding Technology Smart Parking Management System Has 2 Major Security Vulnerabilities

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000004
  • 【Hongding Technology Smart Parking Management System - Exposure of Sensitive Information】(CVE-2025-5893, CVSS: 9.8) The Hongding Technology Smart Parking Management System has an Exposure of Sensitive Information vulnerability. An unauthenticated remote attacker can access specific pages to obtain plaintext administrator account passwords.
  • 【Hongding Technology Smart Parking Management System - Missing Authorization】(CVE-2025-5894, CVSS: 8.8) The Hongding Technology Smart Parking Management System has a Missing Authorization vulnerability. A remote attacker who has obtained general privileges can access specific functions to add an administrator account and use that account to log in to the system.
• Affected Platforms:
  • Smart Parking Management System versions 1.0 to 1.4
• Suggested Measures:
  • Update to version 1.5 or later
• References:
  1. https://www.twcert.org.tw/tw/cp-132-10167-39c6d-1.html
  2. https://www.twcert.org.tw/tw/cp-132-10170-e2435-1.html

Computer and Communications Center
Network Systems Division