CVE-2023-3938 - CERT CVE
ID CVE-2023-3938
Sažetak Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects  ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Reference
CVSS
Base: 4.6
Impact: 3.6
Exploitability:0.9
Pristup
VektorSloženostAutentikacija
PHYSICAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 21-05-2024 - 12:37
Objavljeno 21-05-2024 - 10:15