Lucene search
+L

4 matches found

The Hacker News
The Hacker News
added 2024/06/14 8:9 a.m.39 views

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake ...

10CVSS9.6AI score0.01324EPSS
Exploits0
NVD
NVD
added 2024/05/21 10:15 a.m.23 views

CVE-2023-3938

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

4.6CVSS5.3AI score0.00432EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/21 9:32 a.m.33 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

4.6CVSS5.3AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/21 9:32 a.m.29 views

CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...

4.6CVSS7.7AI score0.00432EPSS
Exploits0References1
Rows per page
Query Builder