Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
Vulnerability Description
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
文件和路径信息暴露
Vulnerability Title
ZKTeco ZKTime.Net 安全漏洞
Vulnerability Description
ZKTeco ZKTime.Net是中国熵基科技(ZKTeco)公司的一个考勤与时间管理软件。 ZKTeco ZKTime.Net 3.0.1.6版本存在安全漏洞,该漏洞源于文件权限不安全,可能导致未授权用户通过修改可执行文件提升权限。
CVSS Information
N/A
Vulnerability Type
N/A