Search criteria
48 vulnerabilities by ZkTeco
CVE-2024-13966 (GCVE-0-2024-13966)
Vulnerability from cvelistv5 – Published: 2025-05-27 18:35 – Updated: 2025-07-14 14:58
VLAI?
Summary
ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located under the Attendance Settings tab as "Self-Password").
Severity ?
CWE
- CWE-1393 - Use of Default Password
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13966",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T19:11:38.601344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T19:13:08.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-07-14T14:58:38.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/18"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BioTime",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"datePublic": "2024-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value \u0027123456\u0027. Users should change their passwords (located under the Attendance Settings tab as \"Self-Password\")."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13966",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T18:35:12.241202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T19:08:03.803Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://krashconsulting.com/fury-of-fingers-biotime-rce/"
},
{
"name": "url",
"url": "https://zkteco-store.ru/wp-content/uploads/2023/09/ZKBio-CVSecurity-6.0.0-User-Manual_EN-v1.0_20230616.pdf"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13966"
},
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-148-01.json"
}
],
"title": "ZKTeco BioTime default password"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-13966",
"datePublished": "2025-05-27T18:35:31.706Z",
"dateReserved": "2025-05-23T16:23:34.914Z",
"dateUpdated": "2025-07-14T14:58:38.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-45746 (GCVE-0-2025-45746)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:00 – Updated: 2025-05-21 14:01
VLAI?
Summary
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.
Severity ?
6.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio CVSecurity |
Affected:
6.4.1_R , < 6.6.0_R
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-45746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T13:33:46.907349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:01:59.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZKBio CVSecurity",
"vendor": "ZKTeco",
"versions": [
{
"lessThan": "6.6.0_R",
"status": "affected",
"version": "6.4.1_R",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zkteco:zkbio_cvsecurity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.0_R",
"versionStartIncluding": "6.4.1_R",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T03:46:32.465Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-45746",
"datePublished": "2025-05-13T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:01:59.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11049 (GCVE-0-2024-11049)
Vulnerability from cvelistv5 – Published: 2024-11-10 05:31 – Updated: 2024-11-14 15:32
VLAI?
Summary
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-425 - Direct Request
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio Time |
Affected:
9.0.1
|
Credits
Cybersecurity Center - MOI Iraq (VulDB User)
Cybersecurity Center - MOI Iraq (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_time:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_time",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "9.0.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11049",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:39:40.915146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:41:07.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Image File Handler"
],
"product": "ZKBio Time",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "9.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Cybersecurity Center - MOI Iraq (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "Cybersecurity Center - MOI Iraq (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in ZKTeco ZKBio Time 9.0.1 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /auth_files/photo/ der Komponente Image File Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:32:34.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283662 | ZKTeco ZKBio Time Image File photo direct request",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283662"
},
{
"name": "VDB-283662 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283662"
},
{
"name": "Submit #435034 | ZKteco biotime 9.0.1 Exposure of Access Control List Files to an Unauthorized Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.435034"
},
{
"tags": [
"exploit"
],
"url": "https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T16:34:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio Time Image File photo direct request"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11049",
"datePublished": "2024-11-10T05:31:04.017Z",
"dateReserved": "2024-11-09T10:19:32.534Z",
"dateUpdated": "2024-11-14T15:32:34.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45250 (GCVE-0-2024-45250)
Vulnerability from cvelistv5 – Published: 2024-10-06 12:24 – Updated: 2024-10-07 15:03
VLAI?
Summary
ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKteco | iClock v3.1-168 |
Affected:
v3.1-168 , < EOL product. Upgrade to a newer product or limit access to device.
(custom)
|
Credits
Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security LTD
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:03:19.209054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:03:33.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iClock v3.1-168",
"vendor": "ZKteco",
"versions": [
{
"lessThan": "EOL product. Upgrade to a newer product or limit access to device.",
"status": "affected",
"version": "v3.1-168",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security LTD"
}
],
"datePublic": "2024-10-06T11:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZKteco \u2013 CWE 200 Exposure of Sensitive Information to an Unauthorized Actor\u003cbr\u003e"
}
],
"value": "ZKteco \u2013 CWE 200 Exposure of Sensitive Information to an Unauthorized Actor"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-06T12:24:03.945Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEOL product. Upgrade to a newer product or limit access to device.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "EOL product. Upgrade to a newer product or limit access to device."
}
],
"source": {
"advisory": "ILVN-2024-0202",
"discovery": "UNKNOWN"
},
"title": "ZKteco \u2013 CWE 200 Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-45250",
"datePublished": "2024-10-06T12:24:03.945Z",
"dateReserved": "2024-08-25T06:16:04.248Z",
"dateUpdated": "2024-10-07T15:03:33.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51157 (GCVE-0-2023-51157)
Vulnerability from cvelistv5 – Published: 2024-09-25 00:00 – Updated: 2024-09-25 19:47
VLAI?
Summary
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:wdms_pro:5.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wdms_pro",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "5.1.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:41:54.745156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:47:50.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:57:24.563583",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://infosecwriteups.com/xss-store-in-zkteco-welcome-to-wdms-3d5c8e1113f0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51157",
"datePublished": "2024-09-25T00:00:00",
"dateReserved": "2023-12-18T00:00:00",
"dateUpdated": "2024-09-25T19:47:50.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36526 (GCVE-0-2024-36526)
Vulnerability from cvelistv5 – Published: 2024-07-09 00:00 – Updated: 2024-08-02 03:37
VLAI?
Summary
ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36526",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:05:34.959289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:05:42.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T16:30:50.071500",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files"
},
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36526",
"datePublished": "2024-07-09T00:00:00",
"dateReserved": "2024-05-30T00:00:00",
"dateUpdated": "2024-08-02T03:37:05.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6523 (GCVE-0-2024-6523)
Vulnerability from cvelistv5 – Published: 2024-07-05 11:00 – Updated: 2024-08-01 21:41
VLAI?
Summary
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
Hussein Amer (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:biotime:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "biotime",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "9.5.0"
},
{
"status": "affected",
"version": "9.5.1"
},
{
"status": "affected",
"version": "9.5.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6523",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:27:38.640807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T13:32:03.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-270366 | ZKTeco BioTime system-group-add cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.270366"
},
{
"name": "VDB-270366 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.270366"
},
{
"name": "Submit #364104 | ZKTeco biotime 8.5-9.5.1,2 xss",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.364104"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"system-group-add Handler"
],
"product": "BioTime",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "9.5.0"
},
{
"status": "affected",
"version": "9.5.1"
},
{
"status": "affected",
"version": "9.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Hussein Amer (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input \u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in ZKTeco BioTime bis 9.5.2 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Komponente system-group-add Handler. Durch Manipulieren des Arguments user mit der Eingabe \u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T11:00:05.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-270366 | ZKTeco BioTime system-group-add cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.270366"
},
{
"name": "VDB-270366 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.270366"
},
{
"name": "Submit #364104 | ZKTeco biotime 8.5-9.5.1,2 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.364104"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-05T06:48:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco BioTime system-group-add cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6523",
"datePublished": "2024-07-05T11:00:05.305Z",
"dateReserved": "2024-07-05T04:43:29.170Z",
"dateUpdated": "2024-08-01T21:41:03.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6344 (GCVE-0-2024-6344)
Vulnerability from cvelistv5 – Published: 2024-06-26 10:31 – Updated: 2025-07-10 07:02
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that "[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above". This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio CVSecurity V5000 |
Affected:
4.1.0
|
Credits
Stux (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T23:25:21.557270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T23:25:27.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-07-09T16:05:25.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/17"
},
{
"name": "VDB-269733 | ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.269733"
},
{
"name": "VDB-269733 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.269733"
},
{
"name": "Submit #358596 | ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.358596"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"modules": [
"Push Configuration Section"
],
"product": "ZKBio CVSecurity V5000",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that \"[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above\". This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in ZKTeco ZKBio CVSecurity V5000 4.1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Push Configuration Section. Mit der Manipulation des Arguments Configuration Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T07:02:31.856Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-269733 | ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.269733"
},
{
"name": "VDB-269733 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.269733"
},
{
"name": "Submit #358596 | ZKTeco ZKBio CVSecurity V5000 V5000 4.1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.358596"
},
{
"tags": [
"related"
],
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/17"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-10T09:07:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6344",
"datePublished": "2024-06-26T10:31:03.685Z",
"dateReserved": "2024-06-26T05:45:15.738Z",
"dateUpdated": "2025-07-10T07:02:31.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6006 (GCVE-0-2024-6006)
Vulnerability from cvelistv5 – Published: 2024-06-15 11:31 – Updated: 2025-07-17 06:04
VLAI?
Summary
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio CVSecurity V5000 |
Affected:
4.1.0
|
Credits
Stux (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T14:23:40.940175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T14:23:50.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268694 | ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268694"
},
{
"name": "VDB-268694 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268694"
},
{
"name": "Submit #351403 | ZKTeco ZKBio CVSecurity 4.1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.351403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Summer Schedule Handler"
],
"product": "ZKBio CVSecurity V5000",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, \"that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in ZKTeco ZKBio CVSecurity V5000 4.1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Summer Schedule Handler. Durch Manipulieren des Arguments Schedule Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T06:04:12.109Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268694 | ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268694"
},
{
"name": "VDB-268694 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268694"
},
{
"name": "Submit #351403 | ZKTeco ZKBio CVSecurity 4.1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.351403"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-17T08:09:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6006",
"datePublished": "2024-06-15T11:31:03.182Z",
"dateReserved": "2024-06-14T15:31:22.458Z",
"dateUpdated": "2025-07-17T06:04:12.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6005 (GCVE-0-2024-6005)
Vulnerability from cvelistv5 – Published: 2024-06-15 09:31 – Updated: 2025-07-17 06:04
VLAI?
Summary
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio CVSecurity V5000 |
Affected:
4.1.0
|
Credits
Stux (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity_v5000:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity_v5000",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6005",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:07:12.175071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:02:23.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268693 | ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268693"
},
{
"name": "VDB-268693 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268693"
},
{
"name": "Submit #351241 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Filter Bypass leads Stored Cross-Site Scripting to PrivEsc",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.351241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Department Section"
],
"product": "ZKBio CVSecurity V5000",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor explains, \"that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "In ZKTeco ZKBio CVSecurity V5000 4.1.0 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Department Section. Durch das Manipulieren des Arguments Department Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T06:04:10.334Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268693 | ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268693"
},
{
"name": "VDB-268693 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268693"
},
{
"name": "Submit #351241 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Filter Bypass leads Stored Cross-Site Scripting to PrivEsc",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.351241"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-17T08:09:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6005",
"datePublished": "2024-06-15T09:31:03.062Z",
"dateReserved": "2024-06-14T15:28:47.576Z",
"dateUpdated": "2025-07-17T06:04:10.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35433 (GCVE-0-2024-35433)
Vulnerability from cvelistv5 – Published: 2024-05-30 17:10 – Updated: 2025-02-13 15:58
VLAI?
Summary
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:52.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.1.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35433",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T14:31:34.281989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:50:00.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:10:58.138Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35433",
"datePublished": "2024-05-30T17:10:57.858Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:58:48.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35428 (GCVE-0-2024-35428)
Vulnerability from cvelistv5 – Published: 2024-05-30 17:02 – Updated: 2025-03-13 14:11
VLAI?
Summary
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.
Severity ?
7.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T16:01:51.298792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T14:11:39.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:52.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T17:02:20.305Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35428",
"datePublished": "2024-05-30T17:02:20.057Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-03-13T14:11:39.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35429 (GCVE-0-2024-35429)
Vulnerability from cvelistv5 – Published: 2024-05-30 16:20 – Updated: 2025-02-13 15:58
VLAI?
Summary
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35429",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:03:22.598353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-31",
"description": "CWE-31 Path Traversal: \u0027dir\\..\\..\\filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:06:49.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35429.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T16:20:54.025Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35429.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35429",
"datePublished": "2024-05-30T16:20:53.690Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:58:45.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35431 (GCVE-0-2024-35431)
Vulnerability from cvelistv5 – Published: 2024-05-30 16:10 – Updated: 2025-05-15 21:17
VLAI?
Summary
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:07:00.420347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-31",
"description": "CWE-31 Path Traversal: \u0027dir\\..\\..\\filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:07:22.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:53.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35431.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T21:17:59.787Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35431.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35431",
"datePublished": "2024-05-30T16:10:50.419Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-05-15T21:17:59.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35432 (GCVE-0-2024-35432)
Vulnerability from cvelistv5 – Published: 2024-05-30 16:05 – Updated: 2025-02-13 15:58
VLAI?
Summary
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:52.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35432.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35432",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T17:56:27.302365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T17:56:30.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T16:05:06.333Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35432.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35432",
"datePublished": "2024-05-30T16:05:05.907Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:58:47.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35430 (GCVE-0-2024-35430)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:55 – Updated: 2025-07-09 16:13
VLAI?
Summary
In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_cvsecurity",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35430",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:07:40.291658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:27.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:14:52.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T16:13:55.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md"
},
{
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35430",
"datePublished": "2024-05-30T15:55:46.314Z",
"dateReserved": "2024-05-17T00:00:00.000Z",
"dateUpdated": "2025-07-09T16:13:55.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3943 (GCVE-0-2023-3943)
Vulnerability from cvelistv5 – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:03:22.339568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:30.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
}
],
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T13:32:47.870Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-05-01T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T13:32:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple buffer overflow in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3943",
"datePublished": "2024-05-21T13:32:47.870Z",
"dateReserved": "2023-07-25T14:17:34.611Z",
"dateUpdated": "2024-08-02T07:08:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3942 (GCVE-0-2023-3942)
Vulnerability from cvelistv5 – Published: 2024-05-21 12:23 – Updated: 2024-08-02 07:08
VLAI?
Summary
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
Affected: Standalone service v. 2.1.6-20200907 |
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:16:48.876752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:31.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
},
{
"status": "affected",
"version": "Standalone service v. 2.1.6-20200907"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\n\n\u003c/p\u003e"
}
],
"value": "An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T12:23:49.526Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T12:23:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple SQLi in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3942",
"datePublished": "2024-05-21T12:23:49.526Z",
"dateReserved": "2023-07-25T14:15:32.367Z",
"dateUpdated": "2024-08-02T07:08:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3941 (GCVE-0-2023-3941)
Vulnerability from cvelistv5 – Published: 2024-05-21 10:20 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
10 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:59:40.293850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:35.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:20:39.827Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:20:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file writes in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3941",
"datePublished": "2024-05-21T10:20:39.827Z",
"dateReserved": "2023-07-25T13:59:28.328Z",
"dateUpdated": "2024-08-02T07:08:50.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3940 (GCVE-0-2023-3940)
Vulnerability from cvelistv5 – Published: 2024-05-21 10:15 – Updated: 2024-08-02 07:08
VLAI?
Summary
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:00:35.875389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:36.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126: Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:15:52.699Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T10:15:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple arbitrary file reads in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3940",
"datePublished": "2024-05-21T10:15:52.699Z",
"dateReserved": "2023-07-25T13:57:11.798Z",
"dateUpdated": "2024-08-02T07:08:50.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3939 (GCVE-0-2023-3939)
Vulnerability from cvelistv5 – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability in ZkTeco-based OEM devices allows OS
Command Injection.
Since all the found command implementations are executed from the
superuser, their impact is the maximum possible.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly other.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:01:31.459687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:32.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:11:07.376Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-27T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:44:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple command injection in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3939",
"datePublished": "2024-05-21T09:45:00.639Z",
"dateReserved": "2023-07-25T13:51:45.777Z",
"dateUpdated": "2024-08-02T07:08:50.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3938 (GCVE-0-2023-3938)
Vulnerability from cvelistv5 – Published: 2024-05-21 09:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ZkTeco-based OEM devices allows an
attacker
to authenticate under any user from the device database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Severity ?
4.6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
Credits
The vulnerability was discovered by Alexander Zaytsev from Kaspersky
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:02:22.205077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:12:06.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u0026nbsp;\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\n\n"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u00a0\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T10:14:30.409Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-04T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T09:31:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3938",
"datePublished": "2024-05-21T09:32:15.305Z",
"dateReserved": "2023-07-25T13:42:20.770Z",
"dateUpdated": "2024-08-02T07:08:50.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51142 (GCVE-0-2023-51142)
Vulnerability from cvelistv5 – Published: 2024-03-21 00:00 – Updated: 2025-06-24 14:58
VLAI?
Summary
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:biotime:8.5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "biotime",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "8.5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51142",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T15:10:13.605956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T14:58:14.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://zkteco.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://biotime.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/ipxsec/b20383620c9e1d5300f7716e62e8a82f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T16:14:30.133Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://zkteco.com"
},
{
"url": "http://biotime.com"
},
{
"url": "https://gist.github.com/ipxsec/b20383620c9e1d5300f7716e62e8a82f"
},
{
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51142",
"datePublished": "2024-03-21T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-06-24T14:58:14.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51141 (GCVE-0-2023-51141)
Vulnerability from cvelistv5 – Published: 2024-03-21 00:00 – Updated: 2024-08-16 15:43
VLAI?
Summary
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://biotime.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://zkteko.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:biotime:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "biotime",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "8.5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51141",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:26:03.815450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:43:21.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication \u0026 Authorization component"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T12:02:37.466565",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://biotime.com"
},
{
"url": "http://zkteko.com"
},
{
"url": "https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51141",
"datePublished": "2024-03-21T00:00:00",
"dateReserved": "2023-12-18T00:00:00",
"dateUpdated": "2024-08-16T15:43:21.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2318 (GCVE-0-2024-2318)
Vulnerability from cvelistv5 – Published: 2024-03-08 13:00 – Updated: 2025-06-10 07:28
VLAI?
Summary
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio Media |
Affected:
2.0.0_x64_2024-01-29-1028
|
Credits
Hussein Amer (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256272 | ZKTeco ZKBio Media Service Port 9999 download path traversal",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256272"
},
{
"name": "VDB-256272 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256272"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_media:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_media",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2318",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T15:47:33.199046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:57:24.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Service Port 9999"
],
"product": "ZKBio Media",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "2.0.0_x64_2024-01-29-1028"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Hussein Amer (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: \u0027../filedir\u0027. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /pro/common/download der Komponente Service Port 9999. Mittels dem Manipulieren des Arguments fileName mit der Eingabe ../../../../zkbio_media.sql mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.1.3 Build 2025-05-26-1605 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T07:28:04.921Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256272 | ZKTeco ZKBio Media Service Port 9999 download path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256272"
},
{
"name": "VDB-256272 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256272"
},
{
"name": "Submit #288530 | zkteco zkbio media V2.0.0_x64_2024-01-29-1028 Path Traversal Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.288530"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a"
},
{
"tags": [
"patch"
],
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/11"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-08T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-10T09:32:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio Media Service Port 9999 download path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2318",
"datePublished": "2024-03-08T13:00:07.918Z",
"dateReserved": "2024-03-08T06:48:01.928Z",
"dateUpdated": "2025-06-10T07:28:04.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22988 (GCVE-0-2024-22988)
Vulnerability from cvelistv5 – Published: 2024-02-23 00:00 – Updated: 2025-06-10 13:26
VLAI?
Summary
ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zkteco:zkbio_wdms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zkbio_wdms",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "v8.0.5"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T18:28:29.814002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:26:43.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:06.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zkteco.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies"
},
{
"url": "https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:10:08.642Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://zkteco.com"
},
{
"url": "https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47"
},
{
"url": "https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies"
},
{
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22988",
"datePublished": "2024-02-23T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-10T13:26:43.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1706 (GCVE-0-2024-1706)
Vulnerability from cvelistv5 – Published: 2024-02-21 18:00 – Updated: 2025-08-22 07:29
VLAI?
Summary
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input <marquee>hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: "ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco | ZKBio Access IVS |
Affected:
3.3.0
Affected: 3.3.1 Affected: 3.3.2 |
Credits
Hussein Amer (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.254396"
},
{
"name": "VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.254396"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T19:40:22.669488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T19:40:34.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Department Name Search Bar"
],
"product": "ZKBio Access IVS",
"vendor": "ZKTeco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Hussein Amer (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input \u003cmarquee\u003ehi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in ZKTeco ZKBio Access IVS bis 3.3.2 gefunden. Dies betrifft einen unbekannten Teil der Komponente Department Name Search Bar. Mit der Manipulation mit der Eingabe \u003cmarquee\u003ehi mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T07:29:38.911Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.254396"
},
{
"name": "VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.254396"
},
{
"name": "Submit #280083 | zkteco zkbio access IVS 3.3.2 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.280083"
},
{
"name": "Submit #280084 | zkteco zkbio access IVS 3.3.2 xss (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.280084"
},
{
"tags": [
"exploit"
],
"url": "https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt"
},
{
"tags": [
"related"
],
"url": "https://www.zkteco.com/en/Security_Bulletinsibs/21"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-02-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-02-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-02-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T09:34:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-1706",
"datePublished": "2024-02-21T18:00:07.522Z",
"dateReserved": "2024-02-21T12:31:15.436Z",
"dateUpdated": "2025-08-22T07:29:38.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4587 (GCVE-0-2023-4587)
Vulnerability from cvelistv5 – Published: 2023-09-04 11:23 – Updated: 2024-08-02 07:31
VLAI?
Summary
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Severity ?
8.3 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Credits
David Utón Amaya (m3n0sd0n4ld)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zem800",
"vendor": "zkteco",
"versions": [
{
"status": "affected",
"version": "6.60"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:31:52.093254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:24.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZEM800",
"vendor": "ZKTeco ",
"versions": [
{
"status": "affected",
"version": "6.60"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"
}
],
"datePublic": "2023-09-04T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."
}
],
"value": "An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T11:23:06.896Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The gama has been updated and it is recommended to upgrade to the latest version available."
}
],
"value": "The gama has been updated and it is recommended to upgrade to the latest version available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Insecure direct object reference in ZKTeco ZEM800",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4587",
"datePublished": "2023-09-04T11:23:06.896Z",
"dateReserved": "2023-08-29T07:42:12.425Z",
"dateUpdated": "2024-08-02T07:31:06.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38956 (GCVE-0-2023-38956)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 20:02
VLAI?
Summary
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://zkteco.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38956"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T20:02:37.756767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T20:02:56.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://zkteco.com"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38956"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38956",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T20:02:56.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38950 (GCVE-0-2023-38950)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2025-11-04 16:56
VLAI?
Summary
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://zkteco.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38950"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38950",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T03:55:34.683253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38950"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:25:21.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sploitus.com/exploit?id=PACKETSTORM:177859"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38950"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T16:56:10.466Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://zkteco.com"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38950"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38950",
"datePublished": "2023-08-03T00:00:00.000Z",
"dateReserved": "2023-07-25T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:56:10.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}