Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zkteco vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-38951
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows malicious users to write arbitrary files via using a malicious SFTP configuration.
Zkteco Biotime 8.5.5
7.5
CVSSv3
CVE-2023-38952
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
Zkteco Biotime 8.5.5
5.5
CVSSv3
CVE-2023-4587
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local malicious user to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Zkteco Zem800 Firmware 6.60
8.8
CVSSv3
CVE-2017-17056
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /acco...
Zkteco Zktime Web 2.0.1.12280
6.1
CVSSv3
CVE-2017-17057
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitra...
Zkteco Zktime Web 2.0.1.12280
7.5
CVSSv3
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit
9.8
CVSSv3
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 exists to contain a SQL injection vulnerability.
Zkteco Bioaccess Ivs 3.3.1
7.5
CVSSv3
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to read arbitrary files via supplying a crafted payload.
Zkteco Bioaccess Ivs 3.3.1
7.5
CVSSv3
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to obtain sensitive information about all managed devices, including their IP addresses and device names.
Zkteco Bioaccess Ivs 3.3.1
8.8
CVSSv3
CVE-2022-36634
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows malicious users to arbitrarily create admin users via a crafted HTTP request.
Zkteco Zkbiosecurity V5000 3.0.5.0 R
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »