VYPR
Medium severity4.3NVD Advisory· Published Mar 8, 2024· Updated Apr 29, 2026

CVE-2024-2318

CVE-2024-2318

Description

A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:zkteco:zkbio_media:2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:zkteco:zkbio_media:2.0.0:*:*:*:*:*:*:*
    • (no CPE)range: = 2.0.0_x64_2024-01-29-1028

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.