Vendor CVEs

Zkteco

57 total · sorted by risk
  • CVE-2022-38802 · Nov 30, 2022
    risk 0.00 cvss epss 0.01

    ZKTeco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a PDF generator when exporting data as a…

  • CVE-2022-30515 · Nov 8, 2022
    risk 0.00 cvss epss 0.01

    ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.

  • CVE-2022-36634 · Oct 7, 2022
    risk 0.00 cvss epss 0.01

    An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.

  • CVE-2022-36635 · Oct 7, 2022
    risk 0.00 cvss epss 0.17

    ZKTeco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.

  • CVE-2022-40472 · Sep 29, 2022
    risk 0.00 cvss epss 0.01

    ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message…

  • CVE-2020-17474 · Aug 14, 2020
    risk 0.00 cvss epss 0.01

    A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.

  • CVE-2020-17473 · Aug 14, 2020
    risk 0.00 cvss epss 0.01

    Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
