cbcvebase.

Zkteco Zkteco-Based Oem Devices With Firmware Zam170-Nf-1.8.25-7354-Ver1.0.0 vulnerabilities

5 known vulnerabilities affecting zkteco/zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-3939P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3939 [CRITICAL] CWE-78 CVE-2023-3939: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR
nvd
CVE-2023-3943P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3943 [CRITICAL] CWE-121 CVE-2023-3943: Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the exe Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec S
nvd
CVE-2023-3941P2CRITICALCVSS 10.0vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3941 [CRITICAL] CWE-23 CVE-2023-3941: Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
nvd
CVE-2023-3940P3HIGHCVSS 7.5vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3940 [HIGH] CWE-23 CVE-2023-3940: Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
nvd
CVE-2023-3938P4MEDIUMCVSS 4.6vZAM170-NF-1.8.25-7354-Ver1.0.02024-05-21
CVE-2023-3938 [MEDIUM] CWE-89 CVE-2023-3938: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-735
nvd
Zkteco Zkteco-Based Oem Devices With Firmware Zam170-Nf-1.8.25-7354-Ver1.0.0 vulnerabilities | cvebase