CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.
Analysis
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability, classified in the advisory as CWE-276, that allows an attacker without privileges (PR:N) or user interaction (UI:N) to bypass access controls and read arbitrary files, including configuration files, source code, and application resources. A publicly available proof-of-concept is referenced. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base score 6.2, Medium) rates the attack vector as local, which limits real-world exposure to attackers who already have local access to the host or its network position; the confidentiality impact is nevertheless high, because the readable files belong to a biometric access-control and attendance system whose configuration typically holds database credentials and integration secrets.
Technical Context
The vulnerability exploits improper file access control in ZKBioSecurity 3.0 (CPE: cpe:2.3:a:zkteco_inc.:zkteco_zkbiosecurity:*:*:*:*:*:*:*:*), a biometric security management system. The advisory assigns CWE-276 (Incorrect Default Permissions). Note that this CWE describes overly permissive default permissions on files, whereas the behaviour actually described, an attacker-controlled path parameter reaching the file system, is path manipulation (the CWE-22 family); treat the description rather than the CWE label as the guide to where the defect lies. The attacker supplies a path parameter to the mechanism that loads local application resources, most plausibly with "../" segments or an absolute path, and the application opens the resulting path without canonicalizing it and confirming that it stays inside the intended resource directory. Given local access, symbolic links planted inside the resource directory would have the same effect if the loader follows them. The publicly available details do not name the vulnerable parameter or endpoint.
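The following is an added example, not code from ZKBioSecurity or from the advisory, showing the generic defect pattern described above beside its fix: a resource loader that joins a user-supplied path onto a base directory and opens it, next to one that canonicalizes with realpath (which also resolves symlinks) and confirms the result is still under the base directory. The directory layout, file names and "secret" contents are constructed for the demonstration and assume a POSIX file system that supports symlinks.

```python
import os
import tempfile


class ResourceAccessDenied(Exception):
    """Raised when a requested path would escape the resource directory."""


def load_resource_unsafe(base_dir, requested):
    # Vulnerable pattern: the path parameter is concatenated and opened with no
    # canonicalization, so "../" segments, absolute paths and symlinks all escape base_dir.
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def resolve_confined(base_dir, requested):
    """Return the canonical path for `requested` only if it lies inside base_dir."""
    base = os.path.realpath(base_dir)
    # os.path.join discards base_dir when the second argument is absolute, so an
    # absolute request (or an embedded NUL) is rejected before it reaches the join.
    if os.path.isabs(requested) or "\x00" in requested:
        raise ResourceAccessDenied(requested)
    # realpath collapses ".." and follows symlinks, so the check below sees the
    # file that would really be opened, not the string the caller supplied.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ResourceAccessDenied(requested)
    return candidate


def load_resource_safe(base_dir, requested):
    with open(resolve_confined(base_dir, requested), "rb") as fh:
        return fh.read()


def build_demo_tree():
    """Constructed fixture: a public resource directory, a sensitive config file one
    level above it, and a symlink inside the public directory pointing at that file."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "logo.txt"), "w") as fh:
        fh.write("public resource")
    with open(os.path.join(root, "config.properties"), "w") as fh:
        fh.write("db.password=constructed-secret")
    os.symlink(os.path.join(root, "config.properties"), os.path.join(public, "link"))
    return public


def run_demo():
    """Exercise both loaders against the same requests and report what each allowed."""
    public = build_demo_tree()
    results = {}
    # The unsafe loader hands back the config file via traversal and via the symlink.
    results["unsafe_traversal"] = load_resource_unsafe(public, "../config.properties")
    results["unsafe_symlink"] = load_resource_unsafe(public, "link")
    # The confined loader still serves legitimate resources...
    results["safe_legit"] = load_resource_safe(public, "logo.txt")
    # ...and refuses every way of reaching outside the directory.
    attempts = (
        ("safe_traversal", "../config.properties"),
        ("safe_symlink", "link"),
        ("safe_absolute", os.path.join(public, "..", "config.properties")),
    )
    for name, requested in attempts:
        try:
            load_resource_safe(public, requested)
            results[name] = "ALLOWED"
        except ResourceAccessDenied:
            results[name] = "DENIED"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The symlink case is why a string-level check for ".." is not enough: "link" contains no traversal characters at all, and only resolving the path before the containment check catches it.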
Affected Products
ZKTeco ZKBioSecurity version 3.0 is the only version named in publicly disclosed information. The CPE string cpe:2.3:a:zkteco_inc.:zkteco_zkbiosecurity:*:*:*:*:*:*:*:* carries a wildcard in the version field, which means the record does not bound the affected range rather than that every version is confirmed vulnerable; treat versions other than 3.0 as unverified until the vendor states otherwise. Affected installations include any ZKBioSecurity deployment used for access control, attendance tracking, or identity verification that exposes the vulnerable file retrieval functionality.
Remediation
Specific patch versions are not provided in the available references. Recommended actions: (1) Contact ZKTeco for a security patch or supported workaround for ZKBioSecurity 3.0 and upgrade as soon as a fixed version is available; (2) Run the application under a dedicated service account whose read access is restricted to its own installation directory, noting that this limits the blast radius to the application's own files rather than removing the exposure, since the application must still be able to read its own configuration; (3) Restrict local and network access to affected ZKBioSecurity hosts to trusted administrators; (4) Monitor requests to the resource-loading functionality for path parameters containing ".." segments, their URL-encoded or double-encoded forms, or absolute paths, and treat such requests that return a successful status as likely exfiltration; (5) Review https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability and vendor security bulletins for patch availability and official remediation guidance.
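As an added example for the monitoring recommendation (not tooling from the advisory or from ZKTeco), the script below scans web-server access logs for path-manipulation attempts against a resource-loading endpoint. It assumes the path parameter is delivered in an HTTP query string, which the advisory does not state, and the endpoint name "/res/load", the parameter name "file" and every log line are constructed for the demonstration. The decoder runs repeatedly so that double-encoded "%252e%252e" is recognised as "..", and each flagged entry keeps the HTTP status so a successful retrieval can be prioritised over a failed probe.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in common log format; endpoint and parameter names are
# invented for the example and are not ZKBioSecurity's.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2016:10:01:02 +0000] "GET /res/css/main.css HTTP/1.1" 200 1520
10.0.0.9 - - [12/Mar/2016:10:01:07 +0000] "GET /res/load?file=../../conf/database.properties HTTP/1.1" 200 4311
10.0.0.9 - - [12/Mar/2016:10:01:09 +0000] "GET /res/load?file=..%2F..%2Fconf%2Fserver.xml HTTP/1.1" 200 880
10.0.0.9 - - [12/Mar/2016:10:01:11 +0000] "GET /res/load?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 2100
10.0.0.9 - - [12/Mar/2016:10:01:14 +0000] "GET /res/load?file=C:\\Windows\\win.ini HTTP/1.1" 200 300
10.0.0.5 - - [12/Mar/2016:10:02:00 +0000] "GET /res/load?file=images/logo.png HTTP/1.1" 200 9021
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators checked on every decoded value. A leading "/" is normal for a URL path,
# so the absolute-path indicator is applied to parameter values only.
DOT_DOT = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
ABSOLUTE = re.compile(r'^(/|[A-Za-z]:[\\/]|\\\\)')
NUL_BYTE = re.compile('\x00')


def fully_decode(value, rounds=3):
    """Percent-decode until the string stops changing, bounded to avoid looping on junk."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_target(target):
    """Return (indicator, decoded_value) pairs found in a request target."""
    parts = urlsplit(target)
    hits = []
    path = fully_decode(parts.path)
    if DOT_DOT.search(path) or NUL_BYTE.search(path):
        hits.append(("dot-dot segment" if DOT_DOT.search(path) else "null byte", path))
    # parse_qsl decodes one layer; fully_decode strips any further layers.
    for _, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        for label, pattern in (("dot-dot segment", DOT_DOT),
                               ("absolute path", ABSOLUTE),
                               ("null byte", NUL_BYTE)):
            if pattern.search(value):
                hits.append((label, value))
    return hits


def scan_log(text):
    """Parse each log line and return the entries that carry a traversal indicator."""
    flagged = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = classify_target(m.group("target"))
        if hits:
            flagged.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "indicators": sorted({label for label, _ in hits}),
            })
    return flagged


if __name__ == "__main__":
    for entry in scan_log(SAMPLE_LOG):
        print(entry["ts"], entry["ip"], entry["status"], entry["indicators"], entry["target"])
```

Run against a real log, the same source address issuing several flagged requests that all return 200 with non-trivial sizes is the pattern to escalate; a single 404 for a "../" probe is reconnaissance, not yet a read.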
EUVD-2016-10813