10
CVE-2023-3943
- EPSS 0.96%
- Veröffentlicht 21.05.2024 14:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
Multiple buffer overflow in ZkTeco-based OEM devices
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerzkteco
≫
Produkt
facedepot_7b
Default Statusunknown
Version <=
ZAM170-NF-1.8.25-7354-Ver1.0.0
Version
0
Status
affected
Herstellerzkteco
≫
Produkt
smartec_st_fr041me
Default Statusunknown
Version <=
ZAM170-NF-1.8.25-7354-Ver1.0.0
Version
0
Status
affected
Herstellerzkteco
≫
Produkt
smartec_st_fr043
Default Statusunknown
Version <=
ZAM170-NF-1.8.25-7354-Ver1.0.0
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.96% | 0.568 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vulnerability@kaspersky.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md