CVE-2024-35431

1976-01-0100:00:00

mitre

github.com

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zkteco:zkbio_cvsecurity:6.11:*:*:*:*:*:*:*"
    ],
    "vendor": "zkteco",
    "product": "zkbio_cvsecurity",
    "versions": [
      {
        "status": "affected",
        "version": "6.11"
      }
    ],
    "defaultStatus": "unknown"
  }
]