Vulnerabilities > Zkteco > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-03 | CVE-2023-38951 | Path Traversal vulnerability in Zkteco Biotime 8.5.5 A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | 9.8 |
2023-08-03 | CVE-2023-38954 | SQL Injection vulnerability in Zkteco Bioaccess IVS 3.3.1 ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | 9.8 |
2020-08-14 | CVE-2020-17474 | Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. | 9.8 |