Zkteco Based Oem Devices With Firmware Zam170 Nf 1.8.25 7354 Ver1.0.0, Standalone Service V. 2.1.6 20200907
Approved changes feed: RSS · Atom
cpe:2.3:a:zkteco:zkteco-based_oem_devices_with_firmware_zam170-nf-1.8.25-7354-ver1.0.0,_standalone_service_v._2.1.6-20200907:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Zkteco (5c4057c2-8005-57f0-8064-1e33ee4cd690) |
|---|---|
| Product | Zkteco Based Oem Devices With Firmware Zam170 Nf 1.8.25 7354 Ver1.0.0, Standalone Service V. 2.1.6 20200907 (5f7341eb-2657-53b7-9e30-3b88806c9272) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3942 |
vulnerable | 2026-06-03 14:52:42.181829 |
Multiple SQLi in ZkTeco-based OEM devices
HIGH (7.5)
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.
Published: 2024-05-21T12:23:49.526Z
Updated: 2024-08-02T07:08:50.624Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.