ZKTeco — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting ZKTeco. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ZKTeco specializes in biometric identification and access control systems, with applications in time attendance, security, and workforce management. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure default configurations. Security researchers have identified multiple authentication bypass flaws and weak encryption implementations in their devices. While no major public security incidents have been widely documented, the 17 CVEs on record highlight persistent security concerns, particularly in web interfaces and communication protocols. These issues often allow unauthorized access or system compromise, emphasizing the need for rigorous security updates in environments deploying ZKTeco solutions.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage — BioTime (CWE-256) | 5.3 | Medium | 2025-12-28 |
| CVE-2024-13966 | ZKTeco BioTime default password — BioTime (CWE-1393) | 7.3 | High | 2025-05-27 |
| CVE-2025-45746 | ZKTeco ZKBio CVSecurity security vulnerability — ZKBio CVSecurity (CWE-321) | 6.5 | Medium | 2025-05-13 |
| CVE-2024-11049 | ZKTeco ZKBio Time Image File photo direct request — ZKBio Time (CWE-425) | 3.7 | Low | 2024-11-10 |
| CVE-2024-45250 | ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor — iClock v3.1-168 (CWE-200) | 4.3 | Medium | 2024-10-06 |
| CVE-2024-6523 | ZKTeco BioTime system-group-add cross site scripting — BioTime (CWE-79) | 3.5 | Low | 2024-07-05 |
| CVE-2024-6344 | ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting — ZKBio CVSecurity V5000 (CWE-79) | 2.4 | Low | 2024-06-26 |
| CVE-2024-6006 | ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting — ZKBio CVSecurity V5000 (CWE-79) | 3.5 | Low | 2024-06-15 |
| CVE-2024-6005 | ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting — ZKBio CVSecurity V5000 (CWE-79) | 3.5 | Low | 2024-06-15 |
| CVE-2023-3943 | Multiple buffer overflow in ZkTeco-based OEM devices — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (CWE-121) | 10.0 | Critical | 2024-05-21 |
| CVE-2023-3942 | Multiple SQLi in ZkTeco-based OEM devices — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907 (CWE-89) | 7.5 | High | 2024-05-21 |
| CVE-2023-3941 | Multiple arbitrary file writes in ZkTeco-based OEM devices — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (CWE-23) | 10.0 | Critical | 2024-05-21 |
| CVE-2023-3940 | Multiple arbitrary file reads in ZkTeco-based OEM devices — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (CWE-23) | 7.5 | High | 2024-05-21 |
| CVE-2023-3939 | Multiple command injection in ZkTeco-based OEM devices — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (CWE-78) | 10.0 | Critical | 2024-05-21 |
| CVE-2023-3938 | Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code — ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (CWE-89) | 4.6 | Medium | 2024-05-21 |
| CVE-2024-2318 | ZKTeco ZKBio Media Service Port 9999 download path traversal — ZKBio Media (CWE-24) | 4.3 | Medium | 2024-03-08 |
| CVE-2024-1706 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting — ZKBio Access IVS (CWE-79) | 3.5 | Low | 2024-02-21 |

This page lists every published CVE security advisory associated with ZKTeco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.