Vulnerability Details CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.147
EPSS Ranking 94.1%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-42953
-
cpe:2.3:h:zkteco:zem500:-
-
cpe:2.3:h:zkteco:zem510:-
-
cpe:2.3:h:zkteco:zem560:-
-
cpe:2.3:h:zkteco:zem600:-
-
cpe:2.3:h:zkteco:zem720:-
-
cpe:2.3:h:zkteco:zem760:-
-
cpe:2.3:h:zkteco:zem800:-
-
cpe:2.3:h:zkteco:zmm200:-
-
cpe:2.3:h:zkteco:zmm210:-
-
cpe:2.3:h:zkteco:zmm220:-
-
cpe:2.3:o:zkteco:zem500_firmware:*
-
cpe:2.3:o:zkteco:zem510_firmware:*
-
cpe:2.3:o:zkteco:zem560_firmware:*
-
cpe:2.3:o:zkteco:zem600_firmware:*
-
cpe:2.3:o:zkteco:zem720_firmware:*
-
cpe:2.3:o:zkteco:zem760_firmware:*
-
cpe:2.3:o:zkteco:zem800_firmware:6.60
-
cpe:2.3:o:zkteco:zmm200_firmware:*
-
cpe:2.3:o:zkteco:zmm210_firmware:*
-
cpe:2.3:o:zkteco:zmm220_firmware:*