Insecure direct object reference in ZKTeco ZEM800
CVE-2023-4587

5.5MEDIUM

Key Information:

Vendor: ZKTeco
Status: ZEM800
Vendor: CVE Published:; 4 September 2023

What is CVE-2023-4587?

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Affected Version(s)

ZEM800 6.60

References

https://www.incibe.es/en/incibe-cert/notices/aviso/insecu...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Aug 29, 2023

Credit

David Utón Amaya (m3n0sd0n4ld)