7.5
CVE-2022-42953
- EPSS 10.61%
- Veröffentlicht 25.12.2022 05:15:10
- Zuletzt bearbeitet 15.04.2025 14:15:33
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zkteco ≫ Zmm200 Firmware Version < 15.00
Zkteco ≫ Zmm210 Firmware Version < 15.00
Zkteco ≫ Zmm220 Firmware Version < 15.00
Zkteco ≫ Zem720 Firmware Version < 8.88
Zkteco ≫ Zem600 Firmware Version < 8.88
Zkteco ≫ Zem800 Firmware Version < 8.88
Zkteco ≫ Zem510 Firmware Version < 8.88
Zkteco ≫ Zem560 Firmware Version < 8.88
Zkteco ≫ Zem760 Firmware Version < 8.88
Zkteco ≫ Zem500 Firmware Version < 8.88
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.61% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.