CVE-2021-34164

8.8 HIGH

📋 TL;DR

This vulnerability in LIZHIFAKA v2.2.0 allows authenticated attackers to execute arbitrary commands through the set password function in the admin interface. Attackers with admin credentials can exploit this to gain full system control. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • LIZHIFAKA
Versions: v2.2.0
Operating Systems: All platforms running LIZHIFAKA
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to admin interface

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠 Likely Case: Unauthorized command execution allowing attackers to modify system files, steal sensitive data, or install backdoors.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.2.1 or later

Vendor Advisory: https://github.com/lizhipay/faka/issues/22

Restart Required: Yes

Instructions:

1. Backup current installation and data.
2. Download latest version from official repository.
3. Replace vulnerable files with patched version.
4. Restart the application service.

🔧 Temporary Workarounds

Disable admin email functionality (Platform: all)

Remove or restrict access to the vulnerable email password function

# Modify application code to disable /admin/index/email endpoint

Implement WAF rules (Platform: all)

Block suspicious command injection patterns in admin endpoints

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate LIZHIFAKA from critical systems
  • Enforce multi-factor authentication for all admin accounts and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check if running LIZHIFAKA v2.2.0 by examining version files or application metadata

Check Version:

Check application configuration files or use: grep -r 'version' /path/to/lizhifaka/

Verify Fix Applied:

Confirm version is v2.2.1 or later and test that command injection attempts in admin email function are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in application logs
  • Multiple failed authentication attempts followed by successful admin login
  • Suspicious POST requests to /admin/index/email endpoint

Network Indicators:

  • Unexpected outbound connections from LIZHIFAKA server
  • Command and control traffic patterns

SIEM Query:

source="lizhifaka.logs" AND (url_path="/admin/index/email" OR cmd_exec=*)
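The "suspicious POST requests to /admin/index/email" indicator above can be checked offline against web server access logs. The script below is an added example, not part of this advisory or of the LIZHIFAKA project; it assumes Apache/Nginx combined log format, and the log lines it contains are constructed samples.

```python
import re
from collections import Counter

# Apache/Nginx combined log format (assumed); captures the fields we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Endpoint named in the advisory's workaround and detection sections.
WATCHED_PATH = "/admin/index/email"

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2021:12:00:01 +0000] "GET /admin/index/index HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:09 +0000] "POST /admin/index/email HTTP/1.1" 200 88
198.51.100.7 - - [10/Jun/2021:12:01:13 +0000] "GET /index.php HTTP/1.1" 200 1024
203.0.113.5 - - [10/Jun/2021:12:01:40 +0000] "POST /admin/index/email?x=1 HTTP/1.1" 302 0
garbage line that does not parse
"""

def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_email_endpoint_posts(log_text):
    """Return parsed entries for POST requests to the watched admin endpoint.
    The query string is stripped so /admin/index/email?x=1 still matches."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip unparseable lines rather than aborting the scan
        path = entry["path"].split("?", 1)[0]
        if entry["method"] == "POST" and path == WATCHED_PATH:
            hits.append(entry)
    return hits

def hits_per_source(log_text):
    """Count watched-endpoint POSTs per client IP to spot repeated use."""
    return Counter(e["ip"] for e in find_email_endpoint_posts(log_text))

if __name__ == "__main__":
    for e in find_email_endpoint_posts(SAMPLE_LOG):
        print(f"{e['ts']} {e['ip']} POST {e['path']} -> {e['status']}")
    print(dict(hits_per_source(SAMPLE_LOG)))
```

Any POST to this endpoint from a source that does not match known administrator activity is worth correlating with the authentication log indicators listed above.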
