HIGH🇬🇧 English

CVE-2024-35431

CVSS 7.5v3.1pub. 2024-05-30upd. 2025-06-17

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Zkteco Zkbio Cvsecurity

    APP
    Zkteco
    6.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2024-36526CRITICAL9.8PL ✓ten sam produkt

ZKTeco ZKBio CVSecurity — hardcoded klucz kryptograficzny

CVE-2024-35430HIGH8.1ten sam produkt

In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password c...

CVE-2024-35428HIGH7.1ten sam produkt

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user ca...

CVE-2024-35433HIGH8.1ten sam produkt

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the pe...

CVE-2025-45746MEDIUM6.5ten sam produkt

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to ...

CVE-2024-35431 — HIGH 7.5 | CVEbaza.pl