CVE-2023-4587

Published: Sep 4, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Affected (1)

Products: Zkteco: Zem800 Firmware

Zkteco

1 product

Zem800 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zkteco Zem800 Firmware	Version 6.60

Running on/with	Platform Versions
Zkteco Zem800	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

Source: cve-coordination@incibe.es

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.