Lucene search

KasperskyCVELIST:CVE-2023-3940

HistoryMay 21, 2024 - 10:15 a.m.

CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices

2024-05-2110:15:52

CWE-23

Kaspersky

www.cve.org

zkteco

oem devices

file reads

path traversal

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.

This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
    "vendor": "ZkTeco",
    "versions": [
      {
        "status": "affected",
        "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
      }
    ]
  }
]

References

github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-3940