GCVE - cpe:2.3:a:zkteco:zkbio_cvsecurity:6.1.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zkteco:zkbio_cvsecurity:6.1.1:*:*:*:*:*:*:*

part: a version: 6.1.1 update: *

Vendor	Zkteco (`5c4057c2-8005-57f0-8064-1e33ee4cd690`)
Product	Zkbio Cvsecurity (`128a770b-b8ce-5c25-8072-3a271c3cd36f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-36526`	vulnerable	2026-06-03 14:56:04.874081	Details available ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. Published: 2024-07-09T00:00:00.000Z Updated: 2024-08-02T03:37:05.336Z Open on db.gcve.eu Reference links https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35433`	vulnerable	2026-06-03 14:55:56.168143	Details available ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. Published: 2024-05-30T17:10:57.858Z Updated: 2025-02-13T15:58:48.055Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35432`	vulnerable	2026-06-03 14:55:56.166088	Details available ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting. Published: 2024-05-30T16:05:05.907Z Updated: 2025-02-13T15:58:47.446Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35432.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35431`	vulnerable	2026-06-03 14:55:56.165752	Details available ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1. Published: 2024-05-30T16:10:50.419Z Updated: 2025-05-15T21:17:59.787Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35431.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35430`	vulnerable	2026-06-03 14:55:56.165400	Details available In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application. Published: 2024-05-30T15:55:46.314Z Updated: 2025-07-09T16:13:55.376Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md https://www.zkteco.com/en/Security_Bulletinsibs/16	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35429`	vulnerable	2026-06-03 14:55:56.164984	Details available ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. Published: 2024-05-30T16:20:53.690Z Updated: 2025-02-13T15:58:45.802Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35429.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35428`	vulnerable	2026-06-03 14:55:56.163825	Details available ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. Published: 2024-05-30T17:02:20.057Z Updated: 2025-03-13T14:11:39.005Z Open on db.gcve.eu Reference links https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.