ZKTeco BioTime v8.5.5 - Path Traversal

Short Info

Level

High

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

23 days 23 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

References:

https://github.com/advisories/GHSA-4m8x-4g54-h49v
http://zkteco.com
https://claroty.com/team82/disclosure-dashboard/cve-2023-38950
https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf
https://nvd.nist.gov/vuln/detail/CVE-2023-38950

Get started to protecting your digital assets

Start trial See the plans

ZKTeco BioTime v8.5.5 - Path Traversal

Short Info

-

Detail

Category