← volver
CVE-2023-3943

Multiple buffer overflow in ZkTeco-based OEM devices

CVSS 10 CRITICALEPSS 0.9%CWE-121
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 10EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
ZkTeco · ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md