Search criteria
10 vulnerabilities found for ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 by ZkTeco
CVE-2023-3943 (GCVE-0-2023-3943)
Vulnerability from cvelistv5 – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:03:22.339568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:30.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
}
],
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T13:32:47.870Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-05-01T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T13:32:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple buffer overflow in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3943",
"datePublished": "2024-05-21T13:32:47.870Z",
"dateReserved": "2023-07-25T14:17:34.611Z",
"dateUpdated": "2024-08-02T07:08:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3941 (GCVE-0-2023-3941)
Vulnerability from cvelistv5 – Published: 2024-05-21 10:20 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:59:40.293850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:35.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:20:39.827Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:20:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file writes in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3941",
"datePublished": "2024-05-21T10:20:39.827Z",
"dateReserved": "2023-07-25T13:59:28.328Z",
"dateUpdated": "2024-08-02T07:08:50.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3940 (GCVE-0-2023-3940)
Vulnerability from cvelistv5 – Published: 2024-05-21 10:15 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:00:35.875389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:36.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:15:52.699Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:15:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file reads in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3940",
"datePublished": "2024-05-21T10:15:52.699Z",
"dateReserved": "2023-07-25T13:57:11.798Z",
"dateUpdated": "2024-08-02T07:08:50.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3939 (GCVE-0-2023-3939)
Vulnerability from cvelistv5 – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability in ZkTeco-based OEM devices allows OS
Command Injection.
Since all the found command implementations are executed from the
superuser, their impact is the maximum possible.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly other.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:01:31.459687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:32.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:11:07.376Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:44:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple command injection in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3939",
"datePublished": "2024-05-21T09:45:00.639Z",
"dateReserved": "2023-07-25T13:51:45.777Z",
"dateUpdated": "2024-08-02T07:08:50.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3938 (GCVE-0-2023-3938)
Vulnerability from cvelistv5 – Published: 2024-05-21 09:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ZkTeco-based OEM devices allows an
attacker
to authenticate under any user from the device database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
4.6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Alexander Zaytsev from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:02:22.205077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:12:06.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u0026nbsp;\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u00a0\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:14:30.409Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-04T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:31:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3938",
"datePublished": "2024-05-21T09:32:15.305Z",
"dateReserved": "2023-07-25T13:42:20.770Z",
"dateUpdated": "2024-08-02T07:08:50.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3943 (GCVE-0-2023-3943)
Vulnerability from nvd – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:03:22.339568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:30.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
}
],
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T13:32:47.870Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-05-01T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T13:32:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple buffer overflow in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3943",
"datePublished": "2024-05-21T13:32:47.870Z",
"dateReserved": "2023-07-25T14:17:34.611Z",
"dateUpdated": "2024-08-02T07:08:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3941 (GCVE-0-2023-3941)
Vulnerability from nvd – Published: 2024-05-21 10:20 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:59:40.293850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:35.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:20:39.827Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:20:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file writes in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3941",
"datePublished": "2024-05-21T10:20:39.827Z",
"dateReserved": "2023-07-25T13:59:28.328Z",
"dateUpdated": "2024-08-02T07:08:50.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3940 (GCVE-0-2023-3940)
Vulnerability from nvd – Published: 2024-05-21 10:15 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:00:35.875389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:36.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:15:52.699Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:15:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file reads in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3940",
"datePublished": "2024-05-21T10:15:52.699Z",
"dateReserved": "2023-07-25T13:57:11.798Z",
"dateUpdated": "2024-08-02T07:08:50.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3939 (GCVE-0-2023-3939)
Vulnerability from nvd – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability in ZkTeco-based OEM devices allows OS
Command Injection.
Since all the found command implementations are executed from the
superuser, their impact is the maximum possible.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly other.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:01:31.459687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:32.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:11:07.376Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:44:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple command injection in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3939",
"datePublished": "2024-05-21T09:45:00.639Z",
"dateReserved": "2023-07-25T13:51:45.777Z",
"dateUpdated": "2024-08-02T07:08:50.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3938 (GCVE-0-2023-3938)
Vulnerability from nvd – Published: 2024-05-21 09:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ZkTeco-based OEM devices allows an
attacker
to authenticate under any user from the device database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
4.6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Alexander Zaytsev from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:02:22.205077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:12:06.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u0026nbsp;\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u00a0\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:14:30.409Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-04T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:31:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3938",
"datePublished": "2024-05-21T09:32:15.305Z",
"dateReserved": "2023-07-25T13:42:20.770Z",
"dateUpdated": "2024-08-02T07:08:50.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}