CVE-2020-17474

A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
zktecozkbiosecurity_server
1.0.0_20190723:_20190723
zktecofacedepot_7b_firmware
1.0.213
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/8134/zkteco-facedepot-7b-10213-and-zkbiosecurity-server-10020190723-improper-privilege-vulnerability
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/8134/zkteco-facedepot-7b-10213-and-zkbiosecurity-server-10020190723-improper-privilege-vulnerability