Vulnerabilities > CVE-2023-38949 - Unspecified vulnerability in Zkteco Biotime 8.5.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
zkteco

Summary

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.

Vulnerable Configurations

Part Description Count
Application
Zkteco
1