zkteco vulnerabilities and exploits
NA
CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be prior to 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.0...
Zkteco Zmm200 Firmware
Zkteco Zmm210 Firmware
Zkteco Zmm220 Firmware
Zkteco Zem720 Firmware
Zkteco Zem600 Firmware
Zkteco Zem800 Firmware
Zkteco Zem510 Firmware
Zkteco Zem560 Firmware
Zkteco Zem760 Firmware
Zkteco Zem500 Firmware
NA
CVE-2021-39434
A default username and password for an administrator account exists in ZKTeco ZKTime 10.0 up to and including 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
Zkteco Zktime 11.1.0
Zkteco Zktime
NA
CVE-2022-30515
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing a malicious user to view them through filename enumeration.
Zkteco Biotime 8.5.4
Zkteco Biotime 8.5.5
383
VMScore
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows a malicious user to obtain a long-lasting token by impersonating the server.
Zkteco Zkbiosecurity Server 1.0.0 20190723
Zkteco Facedepot 7b Firmware 1.0.213
668
VMScore
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows a malicious user to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
Zkteco Zkbiosecurity Server 1.0.0 20190723
Zkteco Facedepot 7b Firmware 1.0.213
NA
CVE-2022-38801
In ZKTeco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
Zkteco Biotime
NA
CVE-2022-38802
ZKTeco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a PDF generator when exporting data as ...
Zkteco Biotime
NA
CVE-2022-38803
ZKTeco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a PDF generator when exporting data as a PDF.
Zkteco Biotime
NA
CVE-2023-4587
An IDOR vulnerability has been found in the ZKTeco ZEM800 product, affecting version 6.60. This vulnerability allows a local malicious user to obtain registered user backup files or device configuration files over a local network or through a VPN server.
Zkteco Zem800 Firmware 6.60
NA
CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated malicious users to arbitrarily reset the Administrator password via a crafted web request.
Zkteco Biotime 8.5.5