CVE-2023-3941
published 2024-05-21CVE-2023-3941: Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects…
PriorityP263critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.92%
55.7th percentile
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zkteco | zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Securelist
Analyzing the security properties of a ZKTeco biometric terminal
blogs_securelist·2024-06-11·CVSS 4.6
[MEDIUM] Analyzing the security properties of a ZKTeco biometric terminal
Table of Contents
- A brief overview of biometric terminals
- A brief overview of the device in question.
- Black box analysis
- Getting and unpacking the firmware
- Analyzing the protocol on port 4370/TCP
- pushcomm analysis
- QR code handler analysis
- Conclusion
Authors
- Georgy Kiguradze
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scanner analy
Securelist
QR code SQL injection and other vulnerabilities in a popular biometric terminal
blogs_securelist·2024-06-11·CVSS 4.6
[MEDIUM] QR code SQL injection and other vulnerabilities in a popular biometric terminal
Table of Contents
A brief overview of biometric terminals
A brief overview of the device in question.
Black box analysis
Circuit analysis
Network analysis
Camera and QR code scanner analysis
Getting and unpacking the firmware
Searching the web for the firmware
Getting the firmware from the flash memory
Analyzing the protocol on port 4370/TCP
Protocol authentication and its issues
Vulnerability analysis of command handlers
pushcomm analysis
QR code handler analysis
Conclusion
Authors
Georgy Kiguradze
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners
2024-05-21
Published