CVE-2021-39434

A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
zktecozktime
10.0 ≤
𝑥
≤ 11.1.0
zktecozktime
11.1.0
zktecozktime
11.1.0:20180901
zktecozktime
11.1.0:20190510.1
zktecozktime
11.1.0:20200309.3
zktecozktime
11.1.0:20200930
zktecozktime
11.1.0:20201231
zktecozktime
11.1.0:20210220
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041
https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041