ByteOS Network

NVD Vulnerability Details :

CVE-2021-47722

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-23 Dec, 2025 | 20:15

Updated At-29 Dec, 2025 | 15:59

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.1	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 5.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	disclosure@vulncheck.com

CWE ID: CWE-352

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://www.axesstmc.com	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/50595	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery	disclosure@vulncheck.com	N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php	disclosure@vulncheck.com	N/A