The vulnerability of the microprogrammed software of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in buffer overflow attacks on the glass components, allowing intruders to execute arbitrary codes.

The vulnerability of microprogrammed software in biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME stems from buffer overflows in the stack due to the absence of protection mechanisms like Canary and PIE. Exploiting this vulnerability allows an attacker operating...

The vulnerability of microprogrammed software in biometric terminal models ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME arises from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary SQL code, circumvent security restrictions, and gain unauthorized access to protected information.

The vulnerability of microprogrammed software in biometric terminal devices such as ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows attackers to execute arbitrary SQL code,...

The vulnerabilities of the Handler for User Photo Upload Command and the Handler for Picture Upload Command in the microprogrammable biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow a perpetrator to gain unauthorized access, enabling them to read, modify, or delete data.

The vulnerability of the Handler for User Photo Upload Command and Handler for Picture Upload Command components of the microprogrammed software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to errors in processing the relative path to the catalog...

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow a intruder to execute arbitrary commands.

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...

The vulnerability of microprogrammed biometric terminal software for ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in errors in processing the relative path to the catalog. This allows intruders to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of microprogrammed software in biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent security...

CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...

CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

PT-2024-4481 · Smartec +1 · Smartec St-Fr041Me +2

Name of the Vulnerable Software and Affected Versions: ZkTeco ProFace X versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others Smartec ST-FR043 versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others Smartec ST-FR041ME versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

ZkTeco OEM 安全漏洞

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. A security vulnerability exists in ZkTeco OEM that stems from incorrect neutralization of special elements used in operating system commands. The following products and versions are affected: ZkTeco ProFace X, Smartec ST-FR043,...

ZkTeco ProFace X、Smartec ST-FR043、Smartec ST-FR041ME、ZAM170-NF-1.8.25-7354-Ver1.0.0 SQL注入漏洞

ZkTeco OEM is an intelligent system from ZkTeco China. A SQL injection vulnerability exists in ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, and ZAM170-NF-1.8.25-7354-Ver1.0.0 versions, which stems from the lack of certain protection mechanisms and allows an attacker to execute arbitrar...