Vulnerabilities > Zkteco > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-17473 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
network
high complexity
zkteco CWE-613
5.9
2017-12-04 CVE-2017-17057 Cross-site Scripting vulnerability in Zkteco Zktime web 2.0.1.12280
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280.
network
low complexity
zkteco CWE-79
6.1