Vulnerability Description
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowonder | Wowonder | 3.0.4 |
Related Weaknesses (CWE)
References
- https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/49989ExploitThird Party AdvisoryVDB Entry
- https://www.wowonder.comProduct
- https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/49989ExploitThird Party AdvisoryVDB Entry
- https://www.wowonder.comProduct
FAQ
What is CVE-2021-27200?
CVE-2021-27200 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
How severe is CVE-2021-27200?
CVE-2021-27200 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27200?
Check the references section above for vendor advisories and patch information. Affected products include: Wowonder Wowonder.