GCVE - cpe:2.3:a:zkteco:bioaccess_ivs:3.3.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zkteco:bioaccess_ivs:3.3.1:*:*:*:*:*:*:*

part: a version: 3.3.1 update: *

Vendor	Zkteco (`5c4057c2-8005-57f0-8064-1e33ee4cd690`)
Product	Bioaccess Ivs (`c0a41339-b99d-5b1b-8ca8-92e8a0682792`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-38958`	vulnerable	2026-06-03 14:52:32.269771	Details available An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-18T13:55:00.171Z Open on db.gcve.eu Reference links http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38958	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-38956`	vulnerable	2026-06-03 14:52:32.269466	Details available A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T20:02:56.689Z Open on db.gcve.eu Reference links http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38956	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-38955`	vulnerable	2026-06-03 14:52:32.269162	Details available ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T19:37:11.309Z Open on db.gcve.eu Reference links http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38955	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-38954`	vulnerable	2026-06-03 14:52:32.268754	Details available ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. Published: 2023-08-03T00:00:00.000Z Updated: 2024-10-17T19:38:08.697Z Open on db.gcve.eu Reference links http://zkteco.com https://claroty.com/team82/disclosure-dashboard/cve-2023-38954	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.