EUVD-2023-44568

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

SQL Injection vulnerability in ZKTeco devices allows user impersonation and unauthorized access to data

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-3942	12 Jun 202415:10	–	circl
CNNVD	ZkTeco OEM SQL注入漏洞	21 May 202400:00	–	cnnvd
CVE	CVE-2023-3942	21 May 202412:23	–	cve
Cvelist	CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices	21 May 202412:23	–	cvelist
NVD	CVE-2023-3942	21 May 202413:15	–	nvd
Positive Technologies	PT-2024-12808 · Zkteco · Zkteco-Based Oem Devices	21 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-3942	23 May 202504:11	–	redhatcve
Securelist	QR code SQL injection and other vulnerabilities in a popular biometric terminal	11 Jun 202408:00	–	securelist
The Hacker News	ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws	14 Jun 202408:09	–	thn
Vulnrichment	CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices	21 May 202412:23	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "eff2f6c6-453b-3927-8563-84fdf31f48ab",
        "vendor": {
          "name": "ZKTeco"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6687c34c-1272-33cb-a9cd-aa20759a7509",
        "product": {
          "name": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907"
        },
        "product_version": "Standalone service v. 2.1.6-20200907"
      },
      {
        "id": "75055a42-6197-300a-b083-57d3f20c7024",
        "product": {
          "name": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907"
        },
        "product_version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md

03 Oct 2025 20:07Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.5

EPSS0.00172

SSVC