    10 vulnerabilities found for ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 by ZkTeco

    CVE-2023-3943 (GCVE-0-2023-3943)

    Vulnerability from nvd – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
    Title
    Multiple buffer overflow in ZkTeco-based OEM devices
    Summary
    Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:03:22.339568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:30.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
                }
              ],
              "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100: Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T13:32:47.870Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-01T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T13:32:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple buffer overflow in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3943",
        "datePublished": "2024-05-21T13:32:47.870Z",
        "dateReserved": "2023-07-25T14:17:34.611Z",
        "dateUpdated": "2024-08-02T07:08:50.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3941 (GCVE-0-2023-3941)

    Vulnerability from nvd – Published: 2024-05-21 10:20 – Updated: 2024-08-02 07:08
    Title
    Multiple arbitrary file writes in ZkTeco-based OEM devices
    Summary
    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T14:59:40.293850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:35.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:20:39.827Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T10:20:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple arbitrary file writes in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3941",
        "datePublished": "2024-05-21T10:20:39.827Z",
        "dateReserved": "2023-07-25T13:59:28.328Z",
        "dateUpdated": "2024-08-02T07:08:50.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3940 (GCVE-0-2023-3940)

    Vulnerability from nvd – Published: 2024-05-21 10:15 – Updated: 2024-08-02 07:08
    Title
    Multiple arbitrary file reads in ZkTeco-based OEM devices
    Summary
    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:00:35.875389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:36.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:15:52.699Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T10:15:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple arbitrary file reads in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3940",
        "datePublished": "2024-05-21T10:15:52.699Z",
        "dateReserved": "2023-07-25T13:57:11.798Z",
        "dateUpdated": "2024-08-02T07:08:50.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3939 (GCVE-0-2023-3939)

    Vulnerability from nvd – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
    Title
    Multiple command injection in ZkTeco-based OEM devices
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed as the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: - , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: * , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: * , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "*",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "*",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:01:31.459687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:32.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:11:07.376Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T09:44:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple command injection in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3939",
        "datePublished": "2024-05-21T09:45:00.639Z",
        "dateReserved": "2023-07-25T13:51:45.777Z",
        "dateUpdated": "2024-08-02T07:08:50.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3938 (GCVE-0-2023-3938)

    Vulnerability from nvd – Published: 2024-05-21 09:32 – Updated: 2024-08-02 07:08
    Title
    Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Alexander Zaytsev from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:02:22.205077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:12:06.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u0026nbsp;\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\n\n"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u00a0\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:14:30.409Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-04T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T09:31:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3938",
        "datePublished": "2024-05-21T09:32:15.305Z",
        "dateReserved": "2023-07-25T13:42:20.770Z",
        "dateUpdated": "2024-08-02T07:08:50.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3943 (GCVE-0-2023-3943)

    Vulnerability from cvelistv5 – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
    Title
    Multiple buffer overflow in ZkTeco-based OEM devices
    Summary
    Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:03:22.339568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:30.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
                }
              ],
              "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100: Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T13:32:47.870Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-01T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T13:32:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple buffer overflow in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3943",
        "datePublished": "2024-05-21T13:32:47.870Z",
        "dateReserved": "2023-07-25T14:17:34.611Z",
        "dateUpdated": "2024-08-02T07:08:50.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3941 (GCVE-0-2023-3941)

    Vulnerability from cvelistv5 – Published: 2024-05-21 10:20 – Updated: 2024-08-02 07:08
    Title
    Multiple arbitrary file writes in ZkTeco-based OEM devices
    Summary
    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T14:59:40.293850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:35.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \n\nto write any file on the system with root privileges.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:20:39.827Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T10:20:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple arbitrary file writes in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3941",
        "datePublished": "2024-05-21T10:20:39.827Z",
        "dateReserved": "2023-07-25T13:59:28.328Z",
        "dateUpdated": "2024-08-02T07:08:50.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3940 (GCVE-0-2023-3940)

    Vulnerability from cvelistv5 – Published: 2024-05-21 10:15 – Updated: 2024-08-02 07:08
    VLAI
    Title
    Multiple arbitrary file reads in ZkTeco-based OEM devices
    Summary
    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:00:35.875389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:36.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker \nto access any file on the system.\n\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:15:52.699Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T10:15:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple arbitrary file reads in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3940",
        "datePublished": "2024-05-21T10:15:52.699Z",
        "dateReserved": "2023-07-25T13:57:11.798Z",
        "dateUpdated": "2024-08-02T07:08:50.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3939 (GCVE-0-2023-3939)

    Vulnerability from cvelistv5 – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
    VLAI
    Title
    Multiple command injection in ZkTeco-based OEM devices
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed as the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco facedepot_7b Affected: - , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    zkteco smartec_st_fr043 Affected: * , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: * , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Georgy Kiguradze from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "*",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "*",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:01:31.459687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:17:32.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:11:07.376Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-27T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T09:44:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Multiple command injection in ZkTeco-based OEM devices",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3939",
        "datePublished": "2024-05-21T09:45:00.639Z",
        "dateReserved": "2023-07-25T13:51:45.777Z",
        "dateUpdated": "2024-08-02T07:08:50.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3938 (GCVE-0-2023-3938)

    Vulnerability from cvelistv5 – Published: 2024-05-21 09:32 – Updated: 2024-08-02 07:08
    VLAI
    Title
    Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
    zkteco smartec_st_fr043 Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*
    zkteco smartec_st_fr041me Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*
    zkteco facedepot_7b Affected: 0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0 (custom)
        cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
    Credits
    The vulnerability was discovered by Alexander Zaytsev from Kaspersky

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr043",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartec_st_fr041me",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "facedepot_7b",
                "vendor": "zkteco",
                "versions": [
                  {
                    "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T15:02:22.205077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:12:06.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
              "vendor": "ZkTeco",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Alexander Zaytsev from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u0026nbsp;\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others.\n\n"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL\n Injection\u0027) vulnerability in ZkTeco-based OEM devices allows an \nattacker \n to authenticate under any user from the device database.\n\nThis issue affects\u00a0\n\n\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly others."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-21T10:14:30.409Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-04T21:00:00.000Z",
              "value": "Vulnerability discovered."
            },
            {
              "lang": "en",
              "time": "2023-09-19T14:00:00.000Z",
              "value": "Initial request to PSIRT@zkteco.com."
            },
            {
              "lang": "en",
              "time": "2023-10-03T13:18:00.000Z",
              "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
            },
            {
              "lang": "en",
              "time": "2023-12-20T10:46:00.000Z",
              "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
            },
            {
              "lang": "en",
              "time": "2024-05-21T09:31:00.000Z",
              "value": "No response from vendor; CVE details added to CVE.org."
            }
          ],
          "title": "Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2023-3938",
        "datePublished": "2024-05-21T09:32:15.305Z",
        "dateReserved": "2023-07-25T13:42:20.770Z",
        "dateUpdated": "2024-08-02T07:08:50.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }