CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score confidence: High

EPSS percentile: 91.5%

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
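
One way to look for the direct requests described above in proxy or gateway access logs, as an added example that is not part of the advisory or any vendor code. The common/combined log format, the function names and the sample lines (documentation addresses) are assumptions constructed here.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed input: common/combined access-log lines from a proxy or gateway
# in front of the devices (the devices' own log format is not on the page).
LINE_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
FLAGGED_STYLES = {"0", "1"}  # the two style values named in the advisory


def is_dataapp_request(target):
    """True if the request target is form/DataApp with style=0 or style=1."""
    parts = urlsplit(target)
    # Decode percent-escapes and compare case-insensitively so re-encoded
    # variants of the path are still flagged (a conservative choice).
    path = unquote(parts.path).rstrip("/").lower()
    if not path.endswith("/form/dataapp"):
        return False
    return any(v in FLAGGED_STYLES for v in parse_qs(parts.query).get("style", []))


def find_dataapp_hits(lines):
    """Return (source, target, status) for every matching log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_dataapp_request(m.group("target")):
            hits.append((m.group("src"), m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /form/DataApp?style=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /form/%44ataApp?style=0 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:01:05 +0000] "GET /form/DataApp?style=7 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, target, status in find_dataapp_hits(SAMPLE_LOG):
        # A 200 status means the request was served; review that source and device.
        print(f"{src} requested {target} -> HTTP {status}")
```
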
Vendor | Product | Version | CPE |
---|---|---|---|
zkteco | zmm200 | - | cpe:2.3:h:zkteco:zmm200:-:*:*:*:*:*:*:* |
zkteco | zmm200_firmware | * | cpe:2.3:o:zkteco:zmm200_firmware:*:*:*:*:*:*:*:* |
zkteco | zmm210 | - | cpe:2.3:h:zkteco:zmm210:-:*:*:*:*:*:*:* |
zkteco | zmm210_firmware | * | cpe:2.3:o:zkteco:zmm210_firmware:*:*:*:*:*:*:*:* |
zkteco | zmm220 | - | cpe:2.3:h:zkteco:zmm220:-:*:*:*:*:*:*:* |
zkteco | zmm220_firmware | * | cpe:2.3:o:zkteco:zmm220_firmware:*:*:*:*:*:*:*:* |
zkteco | zem720 | - | cpe:2.3:h:zkteco:zem720:-:*:*:*:*:*:*:* |
zkteco | zem720_firmware | * | cpe:2.3:o:zkteco:zem720_firmware:*:*:*:*:*:*:*:* |
zkteco | zem600 | - | cpe:2.3:h:zkteco:zem600:-:*:*:*:*:*:*:* |
zkteco | zem600_firmware | * | cpe:2.3:o:zkteco:zem600_firmware:*:*:*:*:*:*:*:* |