Vulnerabilities > Zkteco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-03 | CVE-2023-38955 | Exposure of Resource to Wrong Sphere vulnerability in Zkteco Bioaccess IVS 3.3.1 | ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. | 7.5 |
2023-08-03 | CVE-2023-38956 | Path Traversal vulnerability in Zkteco Bioaccess IVS 3.3.1 | A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 7.5 |
2023-08-03 | CVE-2023-38958 | Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1 | An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 5.3 |
2022-12-25 | CVE-2022-42953 | Forced Browsing vulnerability in Zkteco products | Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. | 7.5 |
2022-12-09 | CVE-2022-44213 | Cross-site Scripting vulnerability in Zkteco Automatic Data Master Server | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | 4.8 |
2022-12-06 | CVE-2021-39434 | Weak Password Requirements vulnerability in Zkteco Zktime 11.1.0 | A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | 7.5 |
2022-11-30 | CVE-2022-38801 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 | In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | 5.4 |
2022-11-30 | CVE-2022-38802 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. | 6.2 |
2022-11-30 | CVE-2022-38803 | Cross-site Scripting vulnerability in Zkteco Biotime 8.5.3 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. | 6.8 |
2022-11-08 | CVE-2022-30515 | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 | ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |