CVE-2016-20024

CRITICAL

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20024, a PoC published by LiquidWorm.

AI-analyzed exploit summary

The vulnerability involves insecure file permissions in ZKTeco ZKTime.Net 3.0.1.6, where the 'Everyone' group has 'Change' permissions on the installation directory and executables, allowing privilege escalation by replacing binaries. The writeup includes detailed ACL outputs demonstrating the misconfiguration.

Description

ZKTeco ZKTime.Net 3.0.1.6 ships with insecure file permissions: the ZKTimeNet3.0 installation directory and the executables inside it grant the Everyone group Change (modify) access. Any local unprivileged user can therefore overwrite or replace those executables with a malicious binary. The planted binary runs with the privileges of whichever user or service next launches the application, which is what turns a file-permission misconfiguration into a privilege escalation.
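The check a practitioner would run before and after remediation, as an added example (not code from the advisory, from LiquidWorm's writeup, or from ZKTeco): a PowerShell script that walks the install tree, flags any Allow ACE that gives Everyone, Users, Authenticated Users or INTERACTIVE a right sufficient to rewrite or replace a file, and prints the icacls commands that would remove those grants. The default install path and the list of low-privileged principals are assumptions; pass -InstallDir to point it at the real directory.

```powershell
# Added example, not code from the advisory or from ZKTeco: audit a ZKTime.Net
# install tree for ACEs that let low-privileged principals modify files, and
# print icacls commands that remove those grants. The install path below is an
# assumption; pass -InstallDir to override it.
param(
    [string]$InstallDir = 'C:\Program Files (x86)\ZKTeco\ZKTimeNet3.0'
)

# Principals that must never hold write/modify rights on program binaries
# (assumed list; extend it for site-specific groups such as domain users).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any one of these rights is enough to replace or rewrite a file. "Change" in
# the old cacls vocabulary is Modify, which icacls prints as (M).
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = $fsr::Modify -bor $fsr::Write -bor $fsr::WriteData -bor
             $fsr::AppendData -bor $fsr::Delete -bor $fsr::FullControl

function Find-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($LowPrivPrincipals -notcontains $id) { continue }   # case-insensitive
        if (($ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir)) {
    throw "Install directory not found: $InstallDir"
}

# Check the directory itself (a Modify grant on the directory is normally
# inherited by the files beneath it) plus every executable module in the tree.
$targets = @(Get-Item -LiteralPath $InstallDir) +
           @(Get-ChildItem -LiteralPath $InstallDir -Recurse -File -Include *.exe, *.dll)
$findings = foreach ($t in $targets) { Find-WeakAce -Path $t.FullName }

if (-not $findings) {
    Write-Host "No low-privileged write access found under $InstallDir"
    return
}

$findings | Format-Table -AutoSize

Write-Host "`nSuggested remediation (run elevated, after review):"
$findings | Select-Object -ExpandProperty Identity -Unique | ForEach-Object {
    "icacls `"$InstallDir`" /remove:g `"$_`" /T /C"
}
# Alternatively, icacls "<dir>" /reset /T /C replaces every ACL in the tree with
# the permissions inherited from the parent, i.e. the Program Files defaults.
```

Run it as a low-privileged user first: if it reports findings, that user can already replace the binaries, which is exactly the condition the advisory describes. After removing the grants, re-run it and confirm the only Allow entries left on the executables are for SYSTEM, Administrators and TrustedInstaller.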

Exploits (1)

Exploit-DB writeup
by LiquidWorm · text · local · windows
https://www.exploit-db.com/exploits/40322


Classification
Writeup 100%
Attack Type
LPE
Complexity
Trivial
Reliability
Reliable
Target: ZKTeco ZKTime.Net 3.0.1.6 and earlier
No application authentication needed (a local Windows account is still required; see prerequisites)
Prerequisites: Local access to the system · Ability to modify files in the installation directory
devstral-2 · analyzed Mar 16, 2026

References (6)

Core References
Third Party Advisory
Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php
Third Party Advisory
CXSecurity
https://cxsecurity.com/issue/WLB-2016080264
VDB Entry
IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/116487
Exploit
Packet Storm Security
https://packetstormsecurity.com/files/138565
Exploit
Exploit-DB
https://www.exploit-db.com/exploits/40322/
Third Party Advisory
VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation

Scores

CVSS v3 9.8
EPSS 0.0003
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Note: the published vector (AV:N, PR:N) does not match the weakness described on this page, which is classified above as LPE and requires local access with an existing low-privileged account. Treat the 9.8 as the recorded score rather than as evidence of remote exploitability; a local file-permission escalation of this kind would ordinarily be scored with AV:L and PR:L.

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory). Note that the weakness described here, a low-privileged group granted modify rights on program binaries, is the kind of issue normally tracked as CWE-276 (Incorrect Default Permissions) or CWE-732 (Incorrect Permission Assignment for Critical Resource).
Status published
Products (3)
ZKTeco Inc./ZKTeco ZKTime.Net 3.0.1.1 (160216)
ZKTeco Inc./ZKTeco ZKTime.Net 3.0.1.5 (160622)
ZKTeco Inc./ZKTeco ZKTime.Net 3.0.1.6
Published Mar 16, 2026
Tracked Since Mar 16, 2026