CVE Vulnerability

CVE-2021-39434

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:zkteco:zktime:11.1.0:20210220:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:20201231:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:20200930:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:20200309.3:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:20190510.1:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:20180901:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:11.1.0:-:*:*:*:*:*:*
cpe:2.3:a:zkteco:zktime:*:*:*:*:*:*:*:*
Information

Published : 2022-12-06 12:15

Updated : 2022-12-08 04:15

NVD link : CVE-2021-39434

Mitre link : CVE-2021-39434

Products Affected
No products.
CWE
CWE-521