CVE-2016-20024

EUVD-2016-10803 | CRITICAL 9.8 (CVSS 3.1) | 2026-03-15 | Source: VulnCheck

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Mar 16, 2026 - 14:53 (vuln.today): PoC Detected. Public exploit code.
Mar 15, 2026 - 14:00 (euvd): EUVD ID Assigned. EUVD-2016-10803.
Mar 15, 2026 - 14:00 (vuln.today): Analysis Generated.
Mar 15, 2026 - 13:35 (nvd): CVE Published. CRITICAL 9.8.

Description

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Analysis

Critical insecure file permissions vulnerability in ZKTeco ZKTime.Net 3.0.1.6 that allows unprivileged local users to gain elevated privileges by replacing executable files in the world-writable application directory. Multiple public proof-of-concept exploits are available on Exploit-DB and PacketStorm, making this vulnerability easily exploitable despite requiring local access. While not listed in CISA KEV and lacking current EPSS data, the availability of working exploits and the simplicity of the attack make this a significant risk for organizations using this time and attendance software.

Technical Context

The vulnerability stems from CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory), where the ZKTime.Net 3.0.1.6 application installs with world-writable permissions on its program directory 'ZKTimeNet3.0' and all contained files. Based on the CPE string (cpe:2.3:a:zkteco_inc.:zkteco_zktime.net:*:*:*:*:*:*:*:*), all versions of ZKTeco's ZKTime.Net time and attendance management software appear affected. This insecure permission configuration allows any local user to modify, replace, or inject malicious executables into the application directory, which will then run with the privileges of users who execute the legitimate application.

Affected Products

ZKTeco ZKTime.Net version 3.0.1.6 is specifically affected, though the CPE wildcard pattern suggests all versions may be vulnerable. ZKTime.Net is a time and attendance management software used for employee time tracking and access control integration. Organizations using any version of ZKTeco's ZKTime.Net software should verify their installation's file permissions. The vendor advisory link from VulnCheck (https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation) provides additional details.

Remediation

No specific patch version is mentioned in the available references. Immediate mitigation involves manually correcting the file permissions on the ZKTimeNet3.0 directory to remove world-writable access (chmod 755 or more restrictive). Organizations should:
1) Audit and correct permissions on the installation directory and all contained files.
2) Implement the principle of least privilege for system access.
3) Monitor for unauthorized modifications to application executables.
4) Contact ZKTeco for an updated version that properly sets file permissions during installation.
The ZeroScience advisory (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php) may contain additional mitigation details.
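The following PowerShell script is an added example covering remediation steps 1 and 3 above (auditing permissions, then monitoring executables for unauthorized changes); it is not part of the vuln.today record, the VulnCheck or ZeroScience advisories, or ZKTeco's software. It assumes a Windows host with the application installed under a directory named ZKTimeNet3.0 (the default path below is an assumption) and treats Everyone, BUILTIN\Users and Authenticated Users as the broad principals that should never hold write-class rights on program binaries.

```powershell
# Added audit/monitoring script (not vuln.today's or ZKTeco's code).
# Assumptions: Windows host, install directory name from the advisory,
# and the three broad principals listed below.
param(
    [string]$Path = 'C:\Program Files\ZKTimeNet3.0',                 # assumed default install path
    [string]$BaselineFile = "$env:ProgramData\ZKTimeNet3.0-hashes.csv",  # assumed baseline location
    [switch]$WriteBaseline
)

$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Any of these rights lets the holder replace, alter or delete a file.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete'

# Step 1: report every Allow ACE that grants write-class rights to a broad principal.
function Find-WeakAce {
    param([string]$Root)
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band [int]$WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Step 3: SHA-256 every executable so later runs can detect replacement or tampering.
function Get-ExecutableHashes {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Path, Hash
}

function Compare-ExecutableBaseline {
    param([string]$Root, [string]$BaselineFile)
    $expected = @{}
    foreach ($row in Import-Csv -LiteralPath $BaselineFile) { $expected[$row.Path] = $row.Hash }
    foreach ($file in Get-ExecutableHashes -Root $Root) {
        if (-not $expected.ContainsKey($file.Path)) {
            [pscustomobject]@{ Path = $file.Path; Status = 'NewFile' }
        } elseif ($expected[$file.Path] -ne $file.Hash) {
            [pscustomobject]@{ Path = $file.Path; Status = 'Modified' }
        }
    }
}

Write-Host "Auditing ACLs under $Path"
$weak = @(Find-WeakAce -Root $Path)
if ($weak.Count -eq 0) {
    Write-Host 'No broad principal holds write-class rights.'
} else {
    Write-Host "$($weak.Count) weak ACE(s) found; review and remove the non-inherited grants:"
    $weak | Format-Table -AutoSize
}

if ($WriteBaseline) {
    Get-ExecutableHashes -Root $Path | Export-Csv -LiteralPath $BaselineFile -NoTypeInformation
    Write-Host "Executable hash baseline written to $BaselineFile"
} elseif (Test-Path -LiteralPath $BaselineFile) {
    $changes = @(Compare-ExecutableBaseline -Root $Path -BaselineFile $BaselineFile)
    if ($changes.Count -eq 0) {
        Write-Host 'All executables match the baseline.'
    } else {
        Write-Host "$($changes.Count) executable(s) differ from the baseline:"
        $changes | Format-Table -AutoSize
    }
} else {
    Write-Host 'No baseline present; re-run with -WriteBaseline once permissions are corrected.'
}
```

Run the audit first from an elevated prompt; once the reported grants have been removed (for a non-inherited grant, icacls with `/remove:g <principal> /T` on the directory is the usual tool, with the principal taken from the audit output), run the script again with -WriteBaseline and schedule periodic runs so that a replaced or modified executable shows up as Modified or NewFile.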

Priority Score

69 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.1, CVSS +49, POC +20


CVE-2016-20024 vulnerability details – vuln.today
