cbcvebase.
CVE-2023-3938
published 2024-05-21

CVE-2023-3938: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to…

PriorityP423medium4.6CVSS 3.1
AVPACLPRNUINSUCHINAN
EPSS
0.43%
34.6th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

Affected

1 ranges
VendorProductVersion rangeFixed in
zktecozkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.