CVE-2016-20026

CRITICAL

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20026. PoCs published by LiquidWorm.

AI-analyzed exploit summary

This is a detailed technical writeup describing a hardcoded credentials vulnerability in ZKTeco ZKBioSecurity 3.0, which allows remote SYSTEM code execution via the exposed Tomcat manager application. The writeup includes specific details such as the location of credentials in tomcat-users.xml and steps to deploy a malicious WAR file.

Description

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Exploits (1)

exploitdb · Writeup
by LiquidWorm · text · webapps · jsp
https://www.exploit-db.com/exploits/40324


Classification
Writeup 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: ZKTeco ZKBioSecurity 3.0 (multiple modules affected)
Auth required
Prerequisites: Network access to the Tomcat manager interface · Knowledge of hardcoded credentials (zkteco:zkt123)
Analyzed by devstral-2 on Mar 16, 2026

References (6)

Core References
Third Party Advisory
Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5362.php
Third Party Advisory
CXSecurity
https://cxsecurity.com/issue/WLB-2016080266
VDB Entry
IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/116484
Exploit
Packet Storm Security
https://packetstormsecurity.com/files/138567
Exploit
Exploit-DB
https://www.exploit-db.com/exploits/40324/
Third Party Advisory
VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-hardcoded-credentials-remote-code-execution

Scores

CVSS v3 9.8
EPSS 0.0008
EPSS Percentile 22.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-798
Status published
Products (1)
ZKTeco Inc./ZKTeco ZKBioSecurity 3.0.1.0_R_230
Published Mar 16, 2026
Tracked Since Mar 16, 2026