CVE-2021-39434 - Vulnerability Details - OpenCVE

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zkteco	Zktime

Configuration 1 [-]

OR	cpe:2.3:a:zkteco:zktime::::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:-::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20180901::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20190510.1::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20200309.3::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20200930::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20201231::::::
	cpe:2.3:a:zkteco:zktime:11.1.0:20210220::::::

No data.

References

Link	Providers
https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-05T00:00:00

Updated: 2024-08-04T02:06:42.609Z

Reserved: 2021-08-23T00:00:00

Link: CVE-2021-39434

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-06T00:15:09.957

Modified: 2024-11-21T06:19:31.760

Link: CVE-2021-39434

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zkteco:zktime:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5A01499-5672-4078-A6CC-828FA58243B7", "versionEndIncluding": "11.1.0", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "97047868-500B-4049-9698-D198D2076119", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20180901:*:*:*:*:*:*", "matchCriteriaId": "01DC8AC1-5878-4F1D-91EB-75EA931E16D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20190510.1:*:*:*:*:*:*", "matchCriteriaId": "0D779C44-7D1F-4DFB-8700-3012708DA6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20200309.3:*:*:*:*:*:*", "matchCriteriaId": "625DC24C-026E-4557-A57A-5C1EC5BD2DA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20200930:*:*:*:*:*:*", "matchCriteriaId": "E5E76CC0-9935-4088-AFA5-15AC9B760634", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20201231:*:*:*:*:*:*", "matchCriteriaId": "D0D66976-2C73-4968-9353-820A844B1E69", "vulnerable": true}, {"criteria": "cpe:2.3:a:zkteco:zktime:11.1.0:20210220:*:*:*:*:*:*", "matchCriteriaId": "78CF7597-02C6-48F7-B0D9-07009EBE21B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220."}, {"lang": "es", "value": "Se descubri\u00f3 un nombre de usuario y contrase\u00f1a predeterminados para una cuenta de administrador en ZKTeco ZKTime 10.0 a 11.1.0, compilaciones 20180901, 20190510.1, 20200309.3, 20200930, 20201231 y 20210220."}], "id": "CVE-2021-39434", "lastModified": "2024-11-21T06:19:31.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-06T00:15:09.957", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}]}