← voltar
CVE-2023-3943

Multiple buffer overflow in ZkTeco-based OEM devices

CVSS 10 CRITICALEPSS 0.9%CWE-121
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 mai 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
ZkTeco · ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md