An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows malicious users to arbitrarily create admin users via a crafted HTTP request.
zkteco zkbiosecurity v5000 3.0.5.0_r