zkteco vulnerabilities and exploits
NA
CVE-2023-38951
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows malicious users to write arbitrary files via a malicious SFTP configuration.
Zkteco Biotime 8.5.5
NA
CVE-2023-38952
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to read sensitive backup files and access sensitive information such as user credentials by sending a crafted HTTP request to the system's static file resources.
Zkteco Biotime 8.5.5
NA
CVE-2023-4587
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local malicious user to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Zkteco Zem800 Firmware 6.60
5
CVSSv2
CVE-2017-14680
ZKTeco ZKTime Web 2.0.1.12280 allows remote malicious users to obtain sensitive employee metadata via a direct request for a PDF document.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit
NA
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 contains a SQL injection vulnerability.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to obtain sensitive information about all managed devices, including their IP addresses and device names.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to read arbitrary files by supplying a crafted payload.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated malicious users to remotely open and close the doors managed by the platform by sending a crafted web request.
Zkteco Bioaccess Ivs 3.3.1
NA
CVE-2022-36635
ZKTeco ZKBioSecurity V5000 4.1.3 contains a SQL injection vulnerability via the component /baseOpLog.do.
Zkteco Zkbiosecurity V5000 4.1.3
6
CVSSv2
CVE-2017-13129
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
Zkteco Zktime Web 2.0.1.12280
1 EDB exploit