Vulnerabilities > Zkteco > Zkbiosecurity Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-17474 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
network
low complexity
zkteco CWE-613
critical
9.8