Browse all 9 CVE security advisories affecting ZKTeco Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ZKTeco Inc. specializes in biometric identification and access control systems, including time attendance and security solutions. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The company has accumulated 9 CVEs on record, with several critical flaws allowing unauthorized access or system compromise. Notable characteristics include hardcoded credentials in firmware, insufficient input validation, and insecure default configurations. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities across their product line suggests significant security challenges that require immediate attention from both the vendor and users implementing their solutions.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2016-20031 | ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp | ZKTeco ZKBioSecurity | CWE-798 | 5.5 | Medium | 2026-03-15 |
| CVE-2016-20030 | ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction | ZKTeco ZKBioSecurity | CWE-551 | 9.8 | Critical | 2026-03-15 |
| CVE-2016-20029 | ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability | ZKTeco ZKBioSecurity | CWE-276 | 6.2 | Medium | 2026-03-15 |
| CVE-2016-20028 | ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin | ZKTeco ZKBioSecurity | CWE-352 | 4.3 | Medium | 2026-03-15 |
| CVE-2016-20027 | ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities | ZKTeco ZKBioSecurity | CWE-79 | 6.1 | Medium | 2026-03-15 |
| CVE-2016-20026 | ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution | ZKTeco ZKBioSecurity | CWE-798 | 9.8 | Critical | 2026-03-15 |
This page lists every published CVE security advisory associated with ZKTeco Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.