ZKBio CVSecurity 6.1.1 Vulnerable to Directory Traversal via BaseMediaFile
CVE-2024-35428
7.1 HIGH
What is CVE-2024-35428?
ZKTeco ZKBio CVSecurity version 6.1.1 is susceptible to a directory traversal vulnerability in the BaseMediaFile component. An authenticated user can exploit it against the server's file system to delete local files. Deleting files may lead to a denial-of-service condition, disrupting availability and functionality for users relying on the system. Addressing this vulnerability is crucial to maintaining the integrity and reliability of the affected product.
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published