CVE-2023-38955
https://notcve.org/view.php?id=CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38955 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-38950
https://notcve.org/view.php?id=CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. • http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38950 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-44213
https://notcve.org/view.php?id=CVE-2022-44213
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). • https://the-it-wonders.blogspot.com/2022/09/zkt-eco-adms-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-39434
https://notcve.org/view.php?id=CVE-2021-39434
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. • https://www.cnvd.org.cn/flaw/show/CNVD-2018-26041 • CWE-521: Weak Password Requirements •
CVE-2022-38801
https://notcve.org/view.php?id=CVE-2022-38801
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. • https://gist.github.com/hamoshwani/5ac860dd6757440174f446c62b24653f https://www.zkteco.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •