34 matches found

BDU FSTEC
added 2024/07/12 12:0 a.m. · 1 views

A vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is caused by a stack-based buffer overflow and allows an attacker to execute arbitrary code.

The vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME stems from stack buffer overflows in the absence of protection mechanisms such as stack canaries and PIE. Exploiting this vulnerability allows an attacker operating...

CVSS 10 · AI score 6.4 · EPSS 0.00589
Exploits 0 · References 4
BDU FSTEC
added 2024/07/12 12:0 a.m. · 1 views

A vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME arises from the lack of measures protecting the SQL query structure. This allows attackers to execute arbitrary SQL code, circumvent security restrictions, and gain unauthorized access to protected information.

The vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to the lack of measures protecting the SQL query structure. Exploiting this vulnerability allows attackers to execute arbitrary SQL code,...

CVSS 7.8 · AI score 6.3 · EPSS 0.00136
Exploits 0 · References 4
BDU FSTEC
added 2024/07/04 12:0 a.m. · 1 views

A vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is caused by errors in handling a relative path to a directory. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to errors in handling a relative path to a directory. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent security...

CVSS 7.8 · AI score 5.8 · EPSS 0.00483
Exploits 0 · References 6
BDU FSTEC
added 2024/07/04 12:0 a.m. · 1 views

Vulnerabilities in the Handler for User Photo Upload Command and the Handler for Picture Upload Command in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow an attacker to gain unauthorized access, enabling them to read, modify, or delete data.

The vulnerability in the Handler for User Photo Upload Command and Handler for Picture Upload Command components of the firmware for the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to errors in handling a relative path to a directory...

CVSS 10 · AI score 5.8 · EPSS 0.00504
Exploits 0 · References 7
BDU FSTEC
added 2024/07/04 12:0 a.m. · 1 views

Vulnerabilities in the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute), of the firmware for the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow an intruder to execute arbitrary commands.

The vulnerabilities in the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute, in the firmware for the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME are related to th...

CVSS 10 · AI score 6.2 · EPSS 0.01006
Exploits 0 · References 6
Cvelist
added 2024/05/21 10:20 a.m. · 17 views

CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0...

CVSS 10 · AI score 9.7 · EPSS 0.00504
Exploits 0 · References 1
Vulnrichment
added 2024/05/21 10:15 a.m. · 15 views

CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

CVSS 7.5 · AI score 7.1 · EPSS 0.00483
Exploits 0 · References 1
NVD
added 2024/05/21 10:15 a.m. · 16 views

CVE-2023-3939

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10 · AI score 9.9 · EPSS 0.01006
Exploits 0 · References 1
Vulnrichment
added 2024/05/21 9:45 a.m. · 18 views

CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...

CVSS 10 · AI score 7.3 · EPSS 0.01006
Exploits 0 · References 1
CNNVD
added 2024/05/21 12:0 a.m. · 1 views

ZkTeco OEM path traversal vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM has a path traversal vulnerability that allows an attacker to access any file on the system. The following products and versions are affected: ZkTeco ProFace X, Smartec ST-FR043, Smartec...

CVSS 7.5 · AI score 6.8 · EPSS 0.00483
Exploits 0 · References 2
CNNVD
added 2024/05/21 12:0 a.m. · 1 views

ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, ZAM170-NF-1.8.25-7354-Ver1.0.0 SQL injection vulnerability

ZkTeco OEM is an intelligent system from ZkTeco China. A SQL injection vulnerability exists in ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, and ZAM170-NF-1.8.25-7354-Ver1.0.0 versions, which stems from the lack of certain protection mechanisms and allows an attacker to execute arbitrar...

CVSS 10 · AI score 8.6 · EPSS 0.00589
Exploits 0 · References 2
CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM SQL injection vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL commands, allowing an attacker to impersonate another user or perform unauthorized actions. The...

CVSS 7.5 · AI score 7.8 · EPSS 0.00172
Exploits 0 · References 2
CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM path traversal vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM has a path traversal vulnerability that allows an attacker to write to any file on the system with root privileges. The following products and versions are affected: ZkTeco ProFace X, Smartec...

CVSS 10 · AI score 7.1 · EPSS 0.00504
Exploits 0 · References 2
Positive Technologies
added 2024/05/21 12:0 a.m. · 2 views

PT-2024-4481 · Smartec +1 · Smartec St-Fr041Me +2

Name of the Vulnerable Software and Affected Versions: ZkTeco ProFace X versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others; Smartec ST-FR043 versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others; Smartec ST-FR041ME versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others...

CVSS 7.8 · AI score 7.2 · EPSS 0.00483
Exploits 0 · References 11
CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM SQL injection vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. ZkTeco OEM suffers from a SQL injection vulnerability that stems from incorrect neutralization of special elements used in SQL commands, allowing an attacker to authenticate under any user in the device database. The following...

CVSS 4.6 · AI score 8 · EPSS 0.00136
Exploits 0 · References 2
CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM security vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. A security vulnerability exists in ZkTeco OEM that stems from incorrect neutralization of special elements used in operating system commands. The following products and versions are affected: ZkTeco ProFace X, Smartec ST-FR043,...

CVSS 10 · AI score 6.8 · EPSS 0.01006
Exploits 0 · References 2
Openbugbounty
added 2020/08/24 11:45 a.m. · 11 views

profaceprofielen.nl Cross Site Scripting vulnerability OBB-1273818

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0
Tenable Nessus
added 2019/08/02 12:0 a.m. · 12 views

Proface America SP-5500TP Control Panel

Binary data 764816.prm...

AI score 7.3
Exploits 0
Tenable Nessus
added 2019/08/02 12:0 a.m. · 9 views

Proface America SP-5600TA Control Panel

Binary data 764817.prm...

AI score 7.3
Exploits 0
Tenable Nessus
added 2019/08/02 12:0 a.m. · 16 views

Proface America SP-5700WC Control Panel

Binary data 764810.prm...

AI score 7.3
Exploits 0