1 results (0.006 seconds)
CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 3
CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 3CVE-2022-42953 – ZKTeco ZEM/ZMM 8.88 - Missing Authentication
https://notcve.org/view.php?id=CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210). • https://www.exploit-db.com/exploits/51112 https://seclists.org/fulldisclosure/2022/Oct/23 https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses • CWE-425: Direct Request ('Forced Browsing') •