Zkteco Based Oem Devices With Firmware Zam170 Nf 1.8.25 7354 Ver1.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:zkteco:zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Zkteco (5c4057c2-8005-57f0-8064-1e33ee4cd690) |
|---|---|
| Product | Zkteco Based Oem Devices With Firmware Zam170 Nf 1.8.25 7354 Ver1.0.0 (2ef118ce-9569-5b80-8c15-9a9ee1d48e86) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3943 |
vulnerable | 2026-06-03 14:52:42.182383 |
Multiple buffer overflow in ZkTeco-based OEM devices
CRITICAL (10)
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Published: 2024-05-21T13:32:47.870Z
Updated: 2024-08-02T07:08:50.662Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3941 |
vulnerable | 2026-06-03 14:52:42.178803 |
Multiple arbitrary file writes in ZkTeco-based OEM devices
CRITICAL (10)
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to write any file on the system with root privileges.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Published: 2024-05-21T10:20:39.827Z
Updated: 2024-08-02T07:08:50.697Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3940 |
vulnerable | 2026-06-03 14:52:42.178268 |
Multiple arbitrary file reads in ZkTeco-based OEM devices
HIGH (7.5)
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker
to access any file on the system.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Published: 2024-05-21T10:15:52.699Z
Updated: 2024-08-02T07:08:50.683Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3939 |
vulnerable | 2026-06-03 14:52:42.177837 |
Multiple command injection in ZkTeco-based OEM devices
CRITICAL (10)
Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability in ZkTeco-based OEM devices allows OS
Command Injection.
Since all the found command implementations are executed from the
superuser, their impact is the maximum possible.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly other.
Published: 2024-05-21T09:45:00.639Z
Updated: 2024-08-02T07:08:50.765Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3938 |
vulnerable | 2026-06-03 14:52:42.177282 |
Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
MEDIUM (4.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ZkTeco-based OEM devices allows an
attacker
to authenticate under any user from the device database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0
and possibly others.
Published: 2024-05-21T09:32:15.305Z
Updated: 2024-08-02T07:08:50.673Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.