Vulnerability CVE-2022-36634


Published: 2022-10-07

Description:
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
Silton Santos
04.10.2022

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

 References:
https://seclists.org/fulldisclosure/2022/Sep/29
http://zkbiosecurity.com
http://zkteco.com

Copyright 2024, cxsecurity.com

 

Back to Top