CVE-2021-44161

Summary

Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.

Affected Software

VendorProductVersion RangeStatus
ChangingMOTP(Mobile One Time Password)next of 3.5 < unspecifiedaffected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References