CVE-2023-38958 - Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1

CVSS 5.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, zkteco, CWE-863

Summary

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated remote attackers to arbitrarily close and open the doors managed by the platform by sending a crafted web request.

Vulnerable Configurations

Part | Description | Count
Application | Zkteco | 1

Common Weakness Enumeration (CWE)