CNNVD-202512-4123 Information

CNNVD ID

CNNVD-202512-4123

Related CVE

CVE-2021-47722

• CNNVD Published: 2025-12-23

Description (Chinese)

Zucchetti Axess CLOKI Access Control是意大利Zucchetti公司的一个门禁终端中的自动化管理软件。 Zucchetti Axess CLOKI Access Control 1.64版本存在跨站请求伪造漏洞，该漏洞源于访问控制设置缺乏验证，可能导致跨站请求伪造攻击。

Description (English)

Zucchetti Express CLOKI Access Control is an automated management software in a closed terminal of Zucchetti, Italy. Version 1.64 of Zucchetti Express CLOKI Access Control has a false breach in cross-site requests, which stems from the lack of verification of access control settings and may lead to cross-site requests for false attacks.

Hazard Level

Critical

Vulnerability Type

跨站请求伪造

Affected Vendor

Zucchetti

Published

2025-12-23

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/50595 https://www.vulncheck.com/advisories/zucchetti-axess-cloki-access-control-cross-site-request-forgery https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5689.php https://www.axesstmc.com https://access.redhat.com/security/cve/cve-2021-47722