Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ZKTeco ZKTime.Net by ZKTeco Inc.

    CVE-2016-20024 (GCVE-0-2016-20024)

    Vulnerability from nvd – Published: 2026-03-15 13:35 – Updated: 2026-06-08 15:11 Unsupported When Assigned
    VLAI
    Title
    ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
    Summary
    ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    Impacted products
    Vendor Product Version
    ZKTeco Inc. ZKTeco ZKTime.Net Affected: 3.0.1.6
    Affected: 3.0.1.5 (160622)
    Affected: 3.0.1.1 (160216)
    Create a notification for this product.
    Date Public
    2016-08-30 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-20024",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:15:52.330964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:20:21.142Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZKTeco ZKTime.Net",
              "vendor": "ZKTeco Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.1.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.1.5 (160622)"
                },
                {
                  "status": "affected",
                  "version": "3.0.1.1 (160216)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2016-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:11:15.879Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php"
            },
            {
              "name": "CXSecurity",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2016080264"
            },
            {
              "name": "IBM X-Force Exchange",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487"
            },
            {
              "name": "Packet Storm Security",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/138565"
            },
            {
              "name": "Reference",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/40322/"
            },
            {
              "name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The affected software ZKTime.Net has been officially discontinued. It is recommended that all users switch to using ZKBio Time.Net software. ZKBio Time.Net has fixed this vulnerability. It is recommended that users use the latest version of ZKBio Time.Net to eliminate the risk."
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2016-20024",
        "datePublished": "2026-03-15T13:35:11.360Z",
        "dateReserved": "2026-03-15T12:36:03.511Z",
        "dateUpdated": "2026-06-08T15:11:15.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2016-20024 (GCVE-0-2016-20024)

    Vulnerability from cvelistv5 – Published: 2026-03-15 13:35 – Updated: 2026-06-08 15:11 Unsupported When Assigned
    VLAI
    Title
    ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
    Summary
    ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    Impacted products
    Vendor Product Version
    ZKTeco Inc. ZKTeco ZKTime.Net Affected: 3.0.1.6
    Affected: 3.0.1.5 (160622)
    Affected: 3.0.1.1 (160216)
    Create a notification for this product.
    Date Public
    2016-08-30 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-20024",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:15:52.330964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:20:21.142Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZKTeco ZKTime.Net",
              "vendor": "ZKTeco Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.1.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.1.5 (160622)"
                },
                {
                  "status": "affected",
                  "version": "3.0.1.1 (160216)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2016-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:11:15.879Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php"
            },
            {
              "name": "CXSecurity",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2016080264"
            },
            {
              "name": "IBM X-Force Exchange",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487"
            },
            {
              "name": "Packet Storm Security",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/138565"
            },
            {
              "name": "Reference",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/40322/"
            },
            {
              "name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The affected software ZKTime.Net has been officially discontinued. It is recommended that all users switch to using ZKBio Time.Net software. ZKBio Time.Net has fixed this vulnerability. It is recommended that users use the latest version of ZKBio Time.Net to eliminate the risk."
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2016-20024",
        "datePublished": "2026-03-15T13:35:11.360Z",
        "dateReserved": "2026-03-15T12:36:03.511Z",
        "dateUpdated": "2026-06-08T15:11:15.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }