Stack-based Buffer Overflow Vulnerability Affects ZkTeco Devices
CVE-2023-3943

10CRITICAL

Key Information:

Vendor: Zkteco
Status: Zkteco-based Oem Devices With Firmware Zam170-nf-1.8.25-7354-ver1.0.0
Vendor: CVE Published:; 21 May 2024

What is CVE-2023-3943?

A stack-based buffer overflow vulnerability exists in several ZkTeco-based OEM devices, which could allow the execution of arbitrary code in certain conditions. This risk is heightened by the absence of protective measures such as stack canaries and Position Independent Executables (PIE). The flaw is known to affect multiple devices including the ZkTeco ProFace X and Smartec ST-FR043 with specific firmware versions, making it essential for users to apply necessary security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 ZAM170-NF-1.8.25-7354-Ver1.0.0

References

https://github.com/klsecservices/Advisories/blob/master/K...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 21, 2024
Vulnerability Reserved
Jul 25, 2023

Credit

The vulnerability was discovered by Georgy Kiguradze from Kaspersky

JSON

Zkteco

What is CVE-2023-3943?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.