Vulmon
zkteco vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be prior to 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.0...
Zkteco Zmm200 Firmware
Zkteco Zmm210 Firmware
Zkteco Zmm220 Firmware
Zkteco Zem720 Firmware
Zkteco Zem600 Firmware
Zkteco Zem800 Firmware
Zkteco Zem510 Firmware
Zkteco Zem560 Firmware
Zkteco Zem760 Firmware
Zkteco Zem500 Firmware
7.5
CVSSv3
CVE-2021-39434
A default username and password for an administrator account exists in ZKTeco ZKTime 10.0 up to and including 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
Zkteco Zktime 11.1.0
Zkteco Zktime
5.3
CVSSv3
CVE-2022-30515
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing a malicious user to view them through filename enumeration.
Zkteco Biotime 8.5.4
Zkteco Biotime 8.5.5
5.9
CVSSv3
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows a malicious user to obtain a long-lasting token by impersonating the server.
Zkteco Zkbiosecurity Server 1.0.0 20190723
Zkteco Facedepot 7b Firmware 1.0.213
9.8
CVSSv3
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows a malicious user to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
Zkteco Zkbiosecurity Server 1.0.0 20190723
Zkteco Facedepot 7b Firmware 1.0.213
5.4
CVSSv3
CVE-2022-38801
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
Zkteco Biotime
6.8
CVSSv3
CVE-2022-38803
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a PDF generator when exporting data as a PDF.
Zkteco Biotime
6.2
CVSSv3
CVE-2022-38802
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as ...
Zkteco Biotime
5.5
CVSSv3
CVE-2023-4587
An IDOR vulnerability has been found in the ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local malicious user to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Zkteco Zem800 Firmware 6.60
7.5
CVSSv3
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to arbitrarily reset the Administrator password via a crafted web request.
Zkteco Biotime 8.5.5