CVE-2023-3943
Published 2024-05-21
Priority: P266 · critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.95% (56.7th percentile)
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zkteco | zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0 | — | — |
No detection rules found.
No public exploits indexed.
Securelist
Analyzing the security properties of a ZKTeco biometric terminal
blogs_securelist · 2024-06-11 · CVSS 4.6 [MEDIUM]
Table of Contents
- A brief overview of biometric terminals
- A brief overview of the device in question.
- Black box analysis
- Getting and unpacking the firmware
- Analyzing the protocol on port 4370/TCP
- pushcomm analysis
- QR code handler analysis
- Conclusion
Authors
- Georgy Kiguradze
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scanner analy
Securelist
QR code SQL injection and other vulnerabilities in a popular biometric terminal
blogs_securelist · 2024-06-11 · CVSS 4.6 [MEDIUM]
Table of Contents
- A brief overview of biometric terminals
- A brief overview of the device in question.
- Black box analysis
  - Circuit analysis
  - Network analysis
  - Camera and QR code scanner analysis
- Getting and unpacking the firmware
  - Searching the web for the firmware
  - Getting the firmware from the flash memory
- Analyzing the protocol on port 4370/TCP
  - Protocol authentication and its issues
  - Vulnerability analysis of command handlers
- pushcomm analysis
- QR code handler analysis
- Conclusion
Authors
- Georgy Kiguradze