{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T02:57:54.164","vulnerabilities":[{"cve":{"id":"CVE-2021-44161","sourceIdentifier":"twcert@cert.org.tw","published":"2021-12-29T08:15:06.890","lastModified":"2026-06-17T04:11:58.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication."},{"lang":"es","value":"El parámetro de la función específica del sistema MOTP (Mobile One Time Password) presenta una comprobación insuficiente de la entrada del usuario. Un atacante en la red de área local puede llevar a cabo un ataque de inyección SQL para leer, modificar o eliminar la base de datos del backend sin autenticación"}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Changing","product":"MOTP(Mobile One Time Password)","versions":[{"version":"next of 3.5","lessThan":"unspecified","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","baseScore":5.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:changingtec:motp:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","matchCriteriaId":"9B4F0A91-88EE-43A0-9167-9985D2F85684"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-5423-84a13-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}