History: Dec 25, 2022 - 5:15 a.m.

CVE-2022-42953

2022-12-25 05:15:10
CWE-425
mitre
web.nvd.nist.gov
Tags: zkteco, product, security, vulnerability, cve-2022-42953, information disclosure, firmware

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.3
Confidence: High

EPSS: 0.034
Percentile: 91.5%

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).

Affected configurations

Nvd

Node: zkteco zmm200 (Match: -) AND zkteco zmm200_firmware (Range: <15.00)
Node: zkteco zmm210 (Match: -) AND zkteco zmm210_firmware (Range: <15.00)
Node: zkteco zmm220 (Match: -) AND zkteco zmm220_firmware (Range: <15.00)
Node: zkteco zem720 (Match: -) AND zkteco zem720_firmware (Range: <8.88)
Node: zkteco zem600 (Match: -) AND zkteco zem600_firmware (Range: <8.88)
Node: zkteco zem800 (Match: -) AND zkteco zem800_firmware (Range: <8.88)
Node: zkteco zem510 (Match: -) AND zkteco zem510_firmware (Range: <8.88)
Node: zkteco zem560_firmware (Range: <8.88) AND zkteco zem560 (Match: -)
Node: zkteco zem760_firmware (Range: <8.88) AND zkteco zem760 (Match: -)
Node: zkteco zem500_firmware (Range: <8.88) AND zkteco zem500 (Match: -)

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| zkteco | zmm200 | - | cpe:2.3:h:zkteco:zmm200:-:*:*:*:*:*:*:* |
| zkteco | zmm200_firmware | * | cpe:2.3:o:zkteco:zmm200_firmware:*:*:*:*:*:*:*:* |
| zkteco | zmm210 | - | cpe:2.3:h:zkteco:zmm210:-:*:*:*:*:*:*:* |
| zkteco | zmm210_firmware | * | cpe:2.3:o:zkteco:zmm210_firmware:*:*:*:*:*:*:*:* |
| zkteco | zmm220 | - | cpe:2.3:h:zkteco:zmm220:-:*:*:*:*:*:*:* |
| zkteco | zmm220_firmware | * | cpe:2.3:o:zkteco:zmm220_firmware:*:*:*:*:*:*:*:* |
| zkteco | zem720 | - | cpe:2.3:h:zkteco:zem720:-:*:*:*:*:*:*:* |
| zkteco | zem720_firmware | * | cpe:2.3:o:zkteco:zem720_firmware:*:*:*:*:*:*:*:* |
| zkteco | zem600 | - | cpe:2.3:h:zkteco:zem600:-:*:*:*:*:*:*:* |
| zkteco | zem600_firmware | * | cpe:2.3:o:zkteco:zem600_firmware:*:*:*:*:*:*:*:* |