| TVN ID | TVN-202112003 |
|---|---|
| CVE ID | CVE-2021-44161 |
| CVSS | 8.8 (High) CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | Changing MOTP (Mobile One Time Password) version > 3.5 (Include HA Manager page) |
| Description | Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication. |
| Solution | Contact tech support from Changing. |
| Credit | Cyku Hong(DEVCORE) |
| Public Date | 2021-12-28 |
:::