CVE-2016-20024 (GCVE-0-2016-20024)
Vulnerability from cvelistv5 – Published: 2026-03-15 13:35 – Updated: 2026-03-15 13:35
VLAI?
Title
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
Summary
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
Severity ?
9.8 (Critical)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZKTeco Inc. | ZKTeco ZKTime.Net |
Affected:
3.0.1.6
Affected: 3.0.1.5 (160622) Affected: 3.0.1.1 (160216) |
Date Public ?
2016-08-30 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"cna": {
"affected": [
{
"product": "ZKTeco ZKTime.Net",
"vendor": "ZKTeco Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.1.6"
},
{
"status": "affected",
"version": "3.0.1.5 (160622)"
},
{
"status": "affected",
"version": "3.0.1.1 (160216)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2016-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-15T13:35:11.360Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php"
},
{
"name": "CXSecurity",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2016080264"
},
{
"name": "IBM X-Force Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487"
},
{
"name": "Packet Storm Security",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/138565"
},
{
"name": "Reference",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40322/"
},
{
"name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"
}
],
"title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20024",
"datePublished": "2026-03-15T13:35:11.360Z",
"dateReserved": "2026-03-15T12:36:03.511Z",
"dateUpdated": "2026-03-15T13:35:11.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…