Stack-based Buffer Overflow Vulnerability Affects ZkTeco Devices
CVE-2023-3943

10CRITICAL

Key Information:

Vendor: Zkteco
Status: Zkteco-based Oem Devices With Firmware Zam170-nf-1.8.25-7354-ver1.0.0
Vendor: CVE Published:; 21 May 2024

What is CVE-2023-3943?

A stack-based buffer overflow vulnerability exists in several ZkTeco-based OEM devices, which could allow the execution of arbitrary code in certain conditions. This risk is heightened by the absence of protective measures such as stack canaries and Position Independent Executables (PIE). The flaw is known to affect multiple devices including the ZkTeco ProFace X and Smartec ST-FR043 with specific firmware versions, making it essential for users to apply necessary security measures.

Affected Version(s)

ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 ZAM170-NF-1.8.25-7354-Ver1.0.0

References

https://github.com/klsecservices/Advisories/blob/master/K...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 21, 2024
Vulnerability Reserved
Jul 25, 2023

Credit

The vulnerability was discovered by Georgy Kiguradze from Kaspersky

Zkteco

What is CVE-2023-3943?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit