Information Disclosure Vulnerability in ZKTeco Products
CVE-2022-42953

7.5 HIGH

Key Information:

Vendor: ZKTeco
CVE Published: 25 December 2022

What is CVE-2022-42953?

ZKTeco products, including the ZEM500, ZEM510, ZEM560, ZEM760, ZEM600, ZEM800, ZEM720, and ZMM models, allow unauthorized access to sensitive information through direct requests to specific URLs. Devices running firmware versions prior to 8.88 for the ZEM series and 15.00 for the ZMM series are affected. Users are urged to upgrade to the latest firmware versions for enhanced protection and to mitigate the risk of data breaches.

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
