ZKTeco products allow access to sensitive information via direct requests
Title | Published | Views | Family |
---|---|---|---|
Information disclosure | 25 Dec 2022 05:15 | – | prion |
ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication | 25 Oct 2022 00:00 | – | packetstorm |
ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability | 28 Mar 2023 00:00 | – | zdt |
ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication Vulnerability | 25 Oct 2022 00:00 | – | zdt |
CVE-2022-42953 | 25 Dec 2022 05:15 | – | nvd |
CVE-2022-42953 | 25 Dec 2022 00:00 | – | cvelist |
ZKTeco ZEM/ZMM 8.88 - Missing Authentication | 28 Mar 2023 00:00 | – | exploitdb |
Source | Link |
---|---|
seclists | www.seclists.org/fulldisclosure/2022/Oct/23 |
redteam-pentesting | www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
style | query param | /form/DataApp | Access to sensitive information without authentication through style parameter. | CWE-425 |
did | query param | /csl/user | Direct access to user details without authentication. | CWE-425 |
uid | query param | /csl/user | Direct access to user details without authentication. | CWE-425 |