Vendor CVEs
Zkteco
All CVEs
57 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38802 | | | 0.00 | — | 0.01 | | Nov 30, 2022 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a… |
| CVE-2022-30515 | | | 0.00 | — | 0.01 | | Nov 8, 2022 | ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. |
| CVE-2022-36634 | | | 0.00 | — | 0.01 | | Oct 7, 2022 | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. |
| CVE-2022-36635 | | | 0.00 | — | 0.17 | | Oct 7, 2022 | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. |
| CVE-2022-40472 | | | 0.00 | — | 0.01 | | Sep 29, 2022 | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message… |
| CVE-2020-17474 | | | 0.00 | — | 0.01 | | Aug 14, 2020 | A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. |
| CVE-2020-17473 | | | 0.00 | — | 0.01 | | Aug 14, 2020 | Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. |