ZKTeco FaceDepot 7B
cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Zkteco (5c4057c2-8005-57f0-8064-1e33ee4cd690) |
|---|---|
| Product | Facedepot 7B (a56f519c-95f3-53fd-9fcf-60dba84bd7be) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-3943 | vulnerable | 2026-06-03 14:52:42.182296 | Multiple buffer overflow in ZkTeco-based OEM devices; CRITICAL (10). Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. Published: 2024-05-21T13:32:47.870Z. Updated: 2024-08-02T07:08:50.662Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3942 | vulnerable | 2026-06-03 14:52:42.179227 | Multiple SQLi in ZkTeco-based OEM devices; HIGH (7.5). An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others, Standalone service v. 2.1.6-20200907 and possibly others. Published: 2024-05-21T12:23:49.526Z. Updated: 2024-08-02T07:08:50.624Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3941 | vulnerable | 2026-06-03 14:52:42.178759 | Multiple arbitrary file writes in ZkTeco-based OEM devices; CRITICAL (10). Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. Published: 2024-05-21T10:20:39.827Z. Updated: 2024-08-02T07:08:50.697Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3940 | vulnerable | 2026-06-03 14:52:42.178186 | Multiple arbitrary file reads in ZkTeco-based OEM devices; HIGH (7.5). Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. Published: 2024-05-21T10:15:52.699Z. Updated: 2024-08-02T07:08:50.683Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3939 | vulnerable | 2026-06-03 14:52:42.177755 | Multiple command injection in ZkTeco-based OEM devices; CRITICAL (10). Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed as the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. Published: 2024-05-21T09:45:00.639Z. Updated: 2024-08-02T07:08:50.765Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3938 | vulnerable | 2026-06-03 14:52:42.176219 | Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code; MEDIUM (4.6). Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. Published: 2024-05-21T09:32:15.305Z. Updated: 2024-08-02T07:08:50.673Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-17474 | not_vulnerable | 2026-06-03 14:41:54.212006 | Details available. A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. Published: 2020-08-14T19:22:08.000Z. Updated: 2024-08-04T13:53:17.472Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-17473 | not_vulnerable | 2026-06-03 14:41:54.211409 | Details available. Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. Published: 2020-08-14T19:12:48.000Z. Updated: 2024-08-04T13:53:17.420Z | Imported from gcve-enriched-dumps CVE data |