Lucene search

MitreCVE-2021-39434

HistoryDec 06, 2022 - 12:15 a.m.

CVE-2021-39434

2022-12-0600:15:09

CWE-521

mitre

web.nvd.nist.gov

zkteco

zktime

default credentials

admin account

cve-2021-39434

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.

Affected configurations

Nvd

Node

zktecozktimeRange10.0–11.1.0

zktecozktimeMatch11.1.0-

zktecozktimeMatch11.1.020180901

zktecozktimeMatch11.1.020190510.1

zktecozktimeMatch11.1.020200309.3

zktecozktimeMatch11.1.020200930

zktecozktimeMatch11.1.020201231

zktecozktimeMatch11.1.020210220

VendorProductVersionCPE
zktecozktime*cpe:2.3:a:zkteco:zktime:*:*:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:-:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20180901:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20190510.1:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20200309.3:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20200930:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20201231:*:*:*:*:*:*
zktecozktime11.1.0cpe:2.3:a:zkteco:zktime:11.1.0:20210220:*:*:*:*:*:*

Vendor	Product	Version	CPE
zkteco	zktime	*	cpe:2.3:a:zkteco:zktime::::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:-::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20180901::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20190510.1::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20200309.3::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20200930::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20201231::::::
zkteco	zktime	11.1.0	cpe:2.3:a:zkteco:zktime:11.1.0:20210220::::::

References

www.cnvd.org.cn/flaw/show/CNVD-2018-26041

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVE-2021-39434