CVE-2024-35428

2024-05-3017:15:34

[email protected]

web.nvd.nist.gov

zkteco

cvsecurity

directory traversal

authenticated user

dos

6.2 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.

References

github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md