Lucene search
K

QR code SQL injection and other vulnerabilities in a popular biometric terminal

🗓️ 11 Jun 2024 08:00:01Reported by Georgy KiguradzeType 
securelist
 securelist
🔗 securelist.com👁 104 Views

Biometric terminal security vulnerabilities and benefits, red team perspectiv

Related
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerabilities of the Handler for User Photo Upload Command and the Handler for Picture Upload Command in the microprogrammable biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow a perpetrator to gain unauthorized access, enabling them to read, modify, or delete data.
4 Jul 202400:00
bdu_fstec
BDU FSTEC
The vulnerability of microprogrammed biometric terminal software for ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in errors in processing the relative path to the catalog. This allows intruders to circumvent security restrictions and gain unauthorized access to protected information.
4 Jul 202400:00
bdu_fstec
BDU FSTEC
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow a intruder to execute arbitrary commands.
4 Jul 202400:00
bdu_fstec
BDU FSTEC
The vulnerability of the microprogrammed software of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in buffer overflow attacks on the glass components, allowing intruders to execute arbitrary codes.
12 Jul 202400:00
bdu_fstec
BDU FSTEC
The vulnerability of microprogrammed software in biometric terminal models ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME arises from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary SQL code, circumvent security restrictions, and gain unauthorized access to protected information.
12 Jul 202400:00
bdu_fstec
Circl
CVE-2023-3938
12 Jun 202415:10
circl
Circl
CVE-2023-3939
12 Jun 202415:10
circl
Circl
CVE-2023-3940
12 Jun 202415:10
circl
Circl
CVE-2023-3941
12 Jun 202415:10
circl
Circl
CVE-2023-3942
12 Jun 202415:10
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Jun 2024 08:00Current
9High risk
Vulners AI Score9
CVSS 3.110
EPSS0.01324
SSVC
104