Zkteco: >> Zkbio Cvsecurity Security Vulnerabilities
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-13
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-05-30
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-30