
Zkteco Zktime Net EUVD-2016-10803

CVE-2016-20024 · CRITICAL
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
2026-03-15 · VulnCheck
9.3 · CVSS 4.0 · NVD

Severity by source

NVD (primary)
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Apr 15, 2026 - 15:22 · NVD · CVSS changed: 9.8 (CRITICAL) → 9.3 (CRITICAL)
Mar 16, 2026 - 14:53 · vuln.today · PoC detected: public exploit code
Mar 15, 2026 - 14:00 · euvd · EUVD ID assigned: EUVD-2016-10803
Mar 15, 2026 - 14:00 · vuln.today · Analysis generated
Mar 15, 2026 - 13:35 · nvd · CVE published: CRITICAL 9.8

Description (CVE.org)

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Analysis (AI)

ZKTeco ZKTime.Net 3.0.1.6 contains a critical insecure file permissions vulnerability that allows unprivileged local users to gain elevated privileges by replacing executable files in the world-writable application directory. Multiple public proof-of-concept exploits are available on Exploit-DB and PacketStorm, making this vulnerability easily exploitable despite requiring local access. While not listed in CISA KEV and lacking current EPSS data, the availability of working exploits and the simplicity of the attack make this a significant risk for organizations using this time and attendance software.

Technical Context (AI)

The vulnerability stems from CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory), where the ZKTime.Net 3.0.1.6 application installs with world-writable permissions on its program directory 'ZKTimeNet3.0' and all contained files. Based on the CPE string (cpe:2.3:a:zkteco_inc.:zkteco_zktime.net:*:*:*:*:*:*:*:*), all versions of ZKTeco's ZKTime.Net time and attendance management software appear affected. This insecure permission configuration allows any local user to modify, replace, or inject malicious executables into the application directory, which will then run with the privileges of users who execute the legitimate application.

Remediation (AI)

No specific patch version is mentioned in the available references. Immediate mitigation involves manually correcting the file permissions on the ZKTimeNet3.0 directory to remove world-writable access (chmod 755 or more restrictive). Organizations should:

1) Audit and correct permissions on the installation directory and all contained files.
2) Implement the principle of least privilege for system access.
3) Monitor for unauthorized modifications to application executables.
4) Contact ZKTeco for an updated version that properly sets file permissions during installation.

The ZeroScience advisory (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php) may contain additional mitigation details.
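The audit and monitoring steps above (correcting world-writable permissions, then watching the executables for unauthorized replacement) can be scripted. The following is an added example written for this page, not code from vuln.today, ZKTeco or the ZeroScience advisory. It assumes the POSIX permission model that the page's chmod advice implies (on a Windows host the equivalent check is a review of the directory's DACL for Everyone/Users write or modify grants), and the install path `/opt/ZKTimeNet3.0` is a placeholder: pass the real ZKTimeNet3.0 directory on the command line. It walks the tree, reports every entry whose mode grants write to "other", strips that bit on request, and keeps a SHA-256 baseline of executables so a later run can show which binaries were modified, added or removed.

```python
import hashlib
import os
import stat
from pathlib import Path

# Placeholder (assumption): the real ZKTimeNet3.0 install path depends on the host.
DEFAULT_ROOT = Path("/opt/ZKTimeNet3.0")
# Suffixes treated as executables in addition to anything with an execute bit set.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".so"}
ANY_EXEC_BIT = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def find_world_writable(root):
    """Return sorted paths under root (root itself included) whose mode grants write to 'other'.

    Symlinks are skipped: their own mode bits are not what the kernel enforces.
    """
    root = Path(root)
    findings = []
    for path in [root, *root.rglob("*")]:
        mode = path.lstat().st_mode
        if stat.S_ISLNK(mode):
            continue
        if mode & stat.S_IWOTH:
            findings.append(path)
    return sorted(findings)


def remove_world_write(paths, dry_run=True):
    """Strip the other-write bit from each path. Returns the paths that change.

    With dry_run=True nothing is modified, so the function doubles as a report.
    Only o+w is removed; a stricter target such as 755 is left to the operator.
    """
    changed = []
    for path in paths:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        new_mode = mode & ~stat.S_IWOTH
        if new_mode != mode:
            if not dry_run:
                os.chmod(path, new_mode)
            changed.append(Path(path))
    return changed


def snapshot_executables(root):
    """Map each executable's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    baseline = {}
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        if path.suffix.lower() in EXECUTABLE_SUFFIXES or path.stat().st_mode & ANY_EXEC_BIT:
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def detect_changes(baseline, current):
    """Compare two snapshots; a 'modified' entry is a replaced or altered executable."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    import sys
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_ROOT
    for p in find_world_writable(root):
        print(f"world-writable: {p}")
    print(f"{len(snapshot_executables(root))} executables hashed for baseline")
```

Run it once with `remove_world_write(..., dry_run=True)` to see what would change, store the `snapshot_executables` result somewhere the application's users cannot write, and diff a fresh snapshot against it on a schedule; any entry in `modified` or `added` under the install directory is exactly the replacement the description above warns about and should be treated as an incident, not a drift.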


EUVD-2016-10803 vulnerability details – vuln.today
