CVE-2023-4587

CVE-2023-4587 describes an insecure direct object reference (IDOR) in the ZKTeco ZEM800, version 6.60. A local attacker can obtain registered user backup files or device configuration files over a local network or via VPN. The vulnerability is rooted in access to sensitive object data without pro...