CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38958
https://notcve.org/view.php?id=CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. Un problema de control de acceso en ZKTeco BioAccess IVS v3.3.1 permite a atacantes no autenticados cerrar y abrir de forma arbitraria las puertas gestionadas por la plataforma de forma remota mediante el envío de una solicitud web manipulada. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38958 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38954
https://notcve.org/view.php?id=CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. Se ha descubierto que ZKTeco BioAccess IVS v3.3.1 contiene una vulnerabilidad de inyección SQL. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38954 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38949
https://notcve.org/view.php?id=CVE-2023-38949
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38949 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38951
https://notcve.org/view.php?id=CVE-2023-38951
A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38951 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38956
https://notcve.org/view.php?id=CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. Una vulnerabilidad de salto de ruta en ZKTeco BioAccess IVS v3.3.1 permite a atacantes no autenticados leer archivos arbitrarios mediante el suministro de un payload manipulado. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38956 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •