5 matches found
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake ...
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
CVE-2023-3939
CVE-2023-3939 is a high-severity OS command injection affecting ZkTeco-based OEM devices (notably ZKProFace X, Smartec ST-FR043/FR041ME) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0. The vulnerability allows execution of arbitrary commands with root privileges via network-accessible components, l...
CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...