13 matches found
EUVD-2020-9426
Malware in sbrugna...
ZKTeco FaceDepot and ZKBiosecurity Server Token Reuse Vulnerability
ZKTeco FaceDepot is a face attendance system. A token reuse vulnerability exists in ZKTeco FaceDepot version 7B 1.0.213 and ZKBiosecurity Server version 1.0.020190723, which can be exploited by a remote attacker to submit a special request to create arbitrary users, elevate privileges, and downlo...
ZKTeco FaceDepot and ZKBiosecurity Server Persistent Token Vulnerability
ZKTeco FaceDepot is a face attendance system. A persistent token vulnerability exists in ZKTeco FaceDepot version 7B 1.0.213 and ZKBiosecurity Server version 1.0.020190723, which stems from a lack of two-way authentication in the program, and can be exploited by an attacker to obtain a long-lived...
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
Code injection
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
Authentication flaw
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...
CVE-2020-17474
CVE-2020-17474 concerns a token-reuse vulnerability affecting ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723. The connected documents confirm that a token reuse flaw can enable a remote attacker to submit crafted requests to create arbitrary new users, escalate privileges to ...
CVE-2020-17474
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database...
CVE-2020-17473
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.020190723 allows an attacker to obtain a long-lasting token by impersonating the server...
CVE-2020-17473
CVE-2020-17473 affects ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723. The root cause is lack of mutual (two-way) authentication, allowing an attacker to impersonate the server and obtain a long‑lived token. Public details from NVD indicate CVSS v3.1/base score 5.9 (Network, ...