ZKBio CVSecurity 6.1.1 Vulnerable to Directory Traversal
CVE-2024-35431
7.5 HIGH
What is CVE-2024-35431?
ZKTeco ZKBio CVSecurity 6.1.1 is affected by a directory traversal vulnerability that can be exploited by unauthenticated users. Through the photoBase64 endpoint, an attacker can potentially access and download sensitive local files from the server, which poses a significant risk to data security and integrity. The vulnerability highlights the need for stringent controls that prevent unauthorized file access and keep server resources confidential.