CVE-2024-35433

2024-05-3018:15:09

[email protected]

web.nvd.nist.gov

zkteco

zkbio

cvsecurity

vulnerability

access control

authenticated user

permissions

admin user

6.4 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.

References

github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md