Zkteco Zkteco-Based Oem Devices With Firmware Zam170-Nf-1.8.25-7354-Ver1.0.0 vulnerabilities
5 known vulnerabilities affecting zkteco/zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-3939P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3939 [CRITICAL] CWE-78 CVE-2023-3939: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab
Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability in ZkTeco-based OEM devices allows OS
Command Injection.
Since all the found command implementations are executed from the
superuser, their impact is the maximum possible.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR
nvd
CVE-2023-3943P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3943 [CRITICAL] CWE-121 CVE-2023-3943: Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the exe
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec S
nvd
CVE-2023-3941P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3941 [CRITICAL] CWE-23 CVE-2023-3941: Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
nvd
CVE-2023-3940P3HIGHCVSS 7.5vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3940 [HIGH] CWE-23 CVE-2023-3940: Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
nvd
CVE-2023-3938P4MEDIUMCVSS 4.6vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3938 [MEDIUM] CWE-89 CVE-2023-3938: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ZkTeco-based OEM devices allows an
attacker
to authenticate under any user from the device database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-735
nvd