A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an malicious user to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zkteco zkbiosecurity server 1.0.0_20190723 |
||
zkteco facedepot_7b_firmware 1.0.213 |