CVE-2023-4587 - Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60

CVSS 5.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, zkteco, CWE-639

Summary

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Vulnerable Configurations

Part        Description    Count
OS          Zkteco         1
Hardware    Zkteco         1