Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MOTP(Mobile One Time Password) by Changing

    CVE-2021-44161 (GCVE-0-2021-44161)

    Vulnerability from nvd – Published: 2021-12-29 07:15 – Updated: 2024-09-16 16:38
    VLAI
    Title
    Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection
    Summary
    Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Changing MOTP(Mobile One Time Password) Affected: next of 3.5 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2021-12-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:23.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MOTP(Mobile One Time Password)",
              "vendor": "Changing",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Changing MOTP (Mobile One Time Password) system\u2019s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-29T07:15:16.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Contact tech support from Changing."
            }
          ],
          "source": {
            "advisory": "TVN-202112003",
            "discovery": "EXTERNAL"
          },
          "title": "Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-12-28T01:55:00.000Z",
              "ID": "CVE-2021-44161",
              "STATE": "PUBLIC",
              "TITLE": "Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MOTP(Mobile One Time Password)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Changing"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Changing MOTP (Mobile One Time Password) system\u2019s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Contact tech support from Changing."
              }
            ],
            "source": {
              "advisory": "TVN-202112003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-44161",
        "datePublished": "2021-12-29T07:15:16.708Z",
        "dateReserved": "2021-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:54.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44161 (GCVE-0-2021-44161)

    Vulnerability from cvelistv5 – Published: 2021-12-29 07:15 – Updated: 2024-09-16 16:38
    VLAI
    Title
    Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection
    Summary
    Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Changing MOTP(Mobile One Time Password) Affected: next of 3.5 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2021-12-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:23.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MOTP(Mobile One Time Password)",
              "vendor": "Changing",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of 3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Changing MOTP (Mobile One Time Password) system\u2019s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-29T07:15:16.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Contact tech support from Changing."
            }
          ],
          "source": {
            "advisory": "TVN-202112003",
            "discovery": "EXTERNAL"
          },
          "title": "Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2021-12-28T01:55:00.000Z",
              "ID": "CVE-2021-44161",
              "STATE": "PUBLIC",
              "TITLE": "Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MOTP(Mobile One Time Password)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Changing"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Changing MOTP (Mobile One Time Password) system\u2019s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Contact tech support from Changing."
              }
            ],
            "source": {
              "advisory": "TVN-202112003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2021-44161",
        "datePublished": "2021-12-29T07:15:16.708Z",
        "dateReserved": "2021-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:54.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }