Security Advisory

CVE-2024-35431

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-30 16:10:50
Last updated 2025-05-15 21:17:59
Assigner mitre
State PUBLISHED

Description

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.