CVE-2021-46167 - OpenCVE

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wizplat	Pd065 Pd065 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wizplat:pd065_firmware:1.19:*:*:*:*:*:*:*

cpe:2.3:h:wizplat:pd065:-:*:*:*:*:*:*:*

References

Link	Resource
http://wizplat.com/PRODUCT1_3/?idx=217	Broken Link
https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-w8x7-9p5m-2vx4	Exploit Third Party Advisory
https://www.amazon.in/High-Speed-Recognition-Fingerprint-Encrypted-Security/dp/B07BRH1GF5/ref=cm_cr_arp_d_product_top?ie=UTF8	Product Third Party Advisory
https://www.ebay.com/itm/DM-32GB-Fingerprint-Encrypted-Pen-Drive-Secure-Memory-USB-Stick-AES256/202929723426?hash=item2f3f8dd822:g:mugAAOSwz8NbgQKf	Product Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-13T14:29:14

Updated: 2022-04-13T14:29:14

Reserved: 2022-01-10T00:00:00

Link: CVE-2021-46167

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-13T15:15:08.977

Modified: 2022-10-07T01:40:26.453

Link: CVE-2021-46167

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-13T14:29:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://wizplat.com/PRODUCT1_3/?idx=217"}, {"tags": ["x_refsource_MISC"], "url": "https://www.amazon.in/High-Speed-Recognition-Fingerprint-Encrypted-Security/dp/B07BRH1GF5/ref=cm_cr_arp_d_product_top?ie=UTF8"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ebay.com/itm/DM-32GB-Fingerprint-Encrypted-Pen-Drive-Secure-Memory-USB-Stick-AES256/202929723426?hash=item2f3f8dd822:g:mugAAOSwz8NbgQKf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-w8x7-9p5m-2vx4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-46167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wizplat.com/PRODUCT1_3/?idx=217", "refsource": "MISC", "url": "http://wizplat.com/PRODUCT1_3/?idx=217"}, {"name": "https://www.amazon.in/High-Speed-Recognition-Fingerprint-Encrypted-Security/dp/B07BRH1GF5/ref=cm_cr_arp_d_product_top?ie=UTF8", "refsource": "MISC", "url": "https://www.amazon.in/High-Speed-Recognition-Fingerprint-Encrypted-Security/dp/B07BRH1GF5/ref=cm_cr_arp_d_product_top?ie=UTF8"}, {"name": "https://www.ebay.com/itm/DM-32GB-Fingerprint-Encrypted-Pen-Drive-Secure-Memory-USB-Stick-AES256/202929723426?hash=item2f3f8dd822:g:mugAAOSwz8NbgQKf", "refsource": "MISC", "url": "https://www.ebay.com/itm/DM-32GB-Fingerprint-Encrypted-Pen-Drive-Secure-Memory-USB-Stick-AES256/202929723426?hash=item2f3f8dd822:g:mugAAOSwz8NbgQKf"}, {"name": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-w8x7-9p5m-2vx4", "refsource": "MISC", "url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-w8x7-9p5m-2vx4"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-46167", "datePublished": "2022-04-13T14:29:14", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2022-04-13T14:29:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wizplat:pd065_firmware:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "7A73E7F7-50E1-4824-AEB5-C33406EA0AB0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wizplat:pd065:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F0432A5-F97F-4B2A-81EA-C9BA5DCBEE03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)."}, {"lang": "es", "value": "Un problema de control de acceso en el m\u00f3dulo de autenticaci\u00f3n de wizplat PD065 versi\u00f3n v1.19, permite a atacantes acceder a datos confidenciales y causar una Denegaci\u00f3n de Servicio (DoS)"}], "id": "CVE-2021-46167", "lastModified": "2022-10-07T01:40:26.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-13T15:15:08.977", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wizplat.com/PRODUCT1_3/?idx=217"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-w8x7-9p5m-2vx4"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://www.amazon.in/High-Speed-Recognition-Fingerprint-Encrypted-Security/dp/B07BRH1GF5/ref=cm_cr_arp_d_product_top?ie=UTF8"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://www.ebay.com/itm/DM-32GB-Fingerprint-Encrypted-Pen-Drive-Secure-Memory-USB-Stick-AES256/202929723426?hash=item2f3f8dd822:g:mugAAOSwz8NbgQKf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}