Data Export Vulnerability in ZKTeco ZKBio CVSecurity
CVE-2024-35430

8.1HIGH

Key Information:

Vendor

ZKTeco

Status
Zkbio Cvsecurity
Vendor
CVE Published:
30 May 2024

What is CVE-2024-35430?

A vulnerability exists in ZKTeco's ZKBio CVSecurity version 6.1.1 that allows authenticated users to bypass password checks when exporting data from the application. This flaw threatens the integrity of the data management processes by enabling unauthorized data access, making it essential for users and administrators to assess their security practices and implement necessary mitigations.

References

https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE...
https://www.zkteco.com/en/Security_Bulletinsibs/16

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-35430 : Data Export Vulnerability in ZKTeco ZKBio CVSecurity