114 matches found
CVE-2020-17474
CVE-2020-17474 concerns a token-reuse vulnerability affecting ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723. The connected documents confirm that a token reuse flaw can enable a remote attacker to submit crafted requests to create arbitrary new users, escalate privileges to ...
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKBioSecurity Multiple Vulnerabilities (Jul 2016)
ZKTeco ZKBioSecurity is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zkteco:zkbiosecurity";...
ZKTeco ZKBioSecurity Detection (HTTP)
HTTP based detection of ZKTeco ZKBioSecurity. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
ZKTeco ZKBioSecurity 3.0 - (visLogin. jsp) Local Authentication bypass
No description provided by source...
ZKTeco ZKBioSecurity 3.0 Local Privilege Bypass Vulnerability
ZKBioSecurity is a comprehensive management platform for biometric security. A local privilege bypass vulnerability exists in ZKTeco ZKBioSecurity 3.0, which is caused by the visLogin.jsp script processing login requests via the 'EnvironmentUtil.getClientIprequest' method, allowing an attacker to...
ZKTeco ZKBioSecurity 3.0 Directory Traversal Vulnerability
ZKBioSecurity is a comprehensive management platform for biometric security. A directory traversal vulnerability exists in ZKTeco ZKBioSecurity 3.0, which can be exploited by an attacker to obtain sensitive information by modifying a file path...
ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Vulnerability
ZKBioSecurity 3.0 is a smart security management platform. ZKTeco ZKBioSecurity 3.0 cross-site request forgery vulnerability can be exploited by an attacker to perform certain actions with administrator privileges...
ZKTeco ZKBioSecurity 3.0 Hardcoded Certificate Remote System Command Execution Vulnerability
ZKBioSecurity is a comprehensive management platform for biometric security. The ZKTeco ZKBioSecurity 3.0 hard-coded credentials remote system command execution vulnerability arises because after credential validation, the application bundles a pre-configured Apache Tomcat server and user login...
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass
ZKTeco ZKBioSecurity 3.0 - visLogin.jsp Local Authentication Bypass ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform:...
ZKTeco ZKBioSecurity 3.0 User Enumeration
!/usr/bin/env python ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator...
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
i? ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757...
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass
i? ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
i? ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...
ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Local Authorization Bypass Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...
ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)
!-- ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...
ZKTeco ZKBioSecurity 3.0 File Path Manipulation
i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...