Skip to main content

Biotime

12 CVEs product

Monthly

CVE-2024-13966 MEDIUM This Month

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6523 MEDIUM POC This Month

A vulnerability was found in ZKTeco BioTime up to 9.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2023-51142 HIGH POC This Week

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biotime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-51141 MEDIUM POC This Month

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38952 HIGH POC This Week

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Biotime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-38951 CRITICAL Act Now

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Biotime
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-38950 HIGH POC KEV THREAT Act Now

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal Biotime
NVD VulDB
CVSS 3.1
7.5
EPSS
84.9%
Threat
7.0
CVE-2023-38949 HIGH This Week

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38803 MEDIUM POC This Month

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-38802 MEDIUM POC This Month

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub
CVSS 3.1
6.2
EPSS
0.6%
CVE-2022-38801 MEDIUM This Month

In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Biotime
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-30515 MEDIUM POC This Month

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD
CVSS 3.1
5.3
EPSS
0.7%
EPSS 1% CVSS 6.9
MEDIUM This Month

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in ZKTeco BioTime up to 9.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biotime
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Biotime
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL Act Now

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Biotime
NVD GitHub VulDB
EPSS 85% 7.0 CVSS 7.5
HIGH POC KEV THREAT Act Now

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal Biotime
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Biotime
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub
EPSS 1% CVSS 6.2
MEDIUM POC This Month

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Biotime
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Biotime
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy