Описание
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zkteco:zkbiosecurity_server:1.0.0_20190723:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:zkteco:facedepot_7b_firmware:1.0.213:*:*:*:*:*:*:*
cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613
Связанные уязвимости
github
больше 3 лет назад
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
EPSS
Процентиль: 59%
0.00377
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613