CVE-2022-36634 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to create admin users.

Access control problems in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly

Summary

CVE-2022-36634 allows attackers to create and modify arbitrary database records. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request.
Note: This is the CVE ID associated with this blog post

Authentication flaws in ZKTeco ZKBioSecurity V5000 3.0.5_r

Authentication flaws in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request.

Access Control Issues in ZKTeco ZKBioSecurity V5000 3.0.5_r

Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco ZKBioSecurity V5000 3.0.5_r does not properly sanitize user input, allowing remote attackers to modify database records or create arbitrary new users via a crafted HTTP request. Access control issues in ZKTeco ZKBioSecurity V5000 3.0.5_r allow attackers to access, create, or modify arbitrary database records via a crafted HTTP request. ZKTeco

Timeline

Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/11/2022 15:04:00 UTC

References