Published: 25/12/2022 Updated: 08/08/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be prior to 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).

Vulnerable Product	Search on Vulmon	Subscribe to Product
zkteco zmm200_firmware
zkteco zmm210_firmware
zkteco zmm220_firmware
zkteco zem720_firmware
zkteco zem600_firmware
zkteco zem800_firmware
zkteco zem510_firmware
zkteco zem560_firmware
zkteco zem760_firmware
zkteco zem500_firmware

ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability Versions below 888 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 1500 (ZMM200-220-210) are potentially affected ...

CWE-425 https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses https://seclists.org/fulldisclosure/2022/Oct/23 https://nvd.nist.gov https://packetstormsecurity.com/files/169500/ZKTeco-ZEM500-510-560-760-ZEM600-800-ZEM720-ZMM-Missing-Authentication.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-42953

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect