CVE-2016-20031

MEDIUM

ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20031, a PoC published by LiquidWorm.

AI-analyzed exploit summary
The vulnerability is an authorization bypass in ZKTeco ZKBioSecurity 3.0 caused by visLogin.jsp trusting the result of the 'EnvironmentUtil.getClientIp(request)' method: when the request is attributed to localhost, the page logs in on the caller's behalf with the client IP '127.0.0.1' as the username and the hardcoded password '123456', so the caller never has to supply credentials of their own.

Description

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass in visLogin.jsp that lets an attacker obtain an authenticated session without valid credentials by having the request attributed to localhost. visLogin.jsp calls EnvironmentUtil.getClientIp(request), treats the IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1, and then authenticates using that IP address as the username together with the hardcoded password 123456. Any request the server sees as coming from loopback is therefore logged in, giving access to sensitive information and the ability to perform unauthorized actions. The defect is twofold: identity is derived from the client's network address, and the account behind it has a constant password (CWE-798).
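The decision logic described above, modelled as an added example (not ZKTeco's code and not the exploit). The Request type, the function names, the credential stores and the hardened variant are assumptions made for this illustration; only the two loopback literals and the password constant come from the advisory.

```python
"""Model of the visLogin.jsp check: identity from client address plus a
constant password. Added illustration, not vendor code; names and the
hardened path are assumptions."""
import hmac
from dataclasses import dataclass
from typing import Optional

LOOPBACK_V4 = "127.0.0.1"
LOOPBACK_V6 = "0:0:0:0:0:0:0:1"
HARDCODED_PASSWORD = "123456"          # constant quoted in the advisory

# Constructed credential stores for the example. The vulnerable path logs in
# to the built-in IP-named account; the hardened path has no such account.
VULNERABLE_STORE = {LOOPBACK_V4: HARDCODED_PASSWORD, "operator": "example-pass"}
HARDENED_STORE = {"operator": "example-pass"}


@dataclass
class Request:
    remote_addr: str                   # address the server attributes the request to
    username: str = ""                 # form fields; empty when none were sent
    password: str = ""


def get_client_ip(request: Request) -> str:
    """Models EnvironmentUtil.getClientIp(): the IPv6 loopback literal is folded
    into the IPv4 one, so either spelling of localhost satisfies the check."""
    return LOOPBACK_V4 if request.remote_addr == LOOPBACK_V6 else request.remote_addr


def vulnerable_vis_login(request: Request) -> Optional[str]:
    """Vulnerable pattern: the username is the client address and the password
    is a constant, so any request seen as loopback is logged in without the
    caller supplying anything. Returns the session user name or None."""
    ip = get_client_ip(request)
    if ip != LOOPBACK_V4:
        return None
    # Login performed on the caller's behalf with IP-as-username.
    if VULNERABLE_STORE.get(ip) == HARDCODED_PASSWORD:
        return ip
    return None


def hardened_vis_login(request: Request) -> Optional[str]:
    """Hardened variant (an assumption, not a vendor fix): the network address
    plays no part in identity, the caller must present credentials, and the
    built-in IP-named account does not exist in the store."""
    if not request.username or not request.password:
        return None
    stored = HARDENED_STORE.get(request.username)
    if stored is None or not hmac.compare_digest(stored, request.password):
        return None
    return request.username
```

Run against a loopback address (either spelling) the vulnerable path returns a "127.0.0.1" session with no input from the caller; from any other address it returns None. The hardened path returns a session only for a username and password that match the store, regardless of where the request came from.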

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · text · webapps · jsp
https://www.exploit-db.com/exploits/40327


Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ZKTeco ZKBioSecurity 3.0 (visLogin.jsp)
No auth needed
Prerequisites: Access to the login page · IP address manipulation to trigger the bypass condition
devstral-2 · analyzed Mar 16, 2026
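Because the bypass condition is a visLogin.jsp request that the server attributes to a loopback address, access-log triage for exactly that combination is a practical detection. The following is an added example, not part of the advisory or the exploit: it assumes Tomcat's common log format, and the log lines, path prefix, timestamps and status codes are constructed for the example (only the file name visLogin.jsp comes from the advisory). The loopback test deliberately covers all of 127.0.0.0/8 and ::1, which is broader than the two literals the advisory names.

```python
"""Access-log triage for visLogin.jsp requests from loopback addresses.
Added example; log format assumed (Tomcat common log format), sample lines
constructed."""
import ipaddress
import re
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample, not real traffic: the /app prefix, timestamps and
# status codes are made up for the example.
SAMPLE_LOG = """\
127.0.0.1 - - [05/Sep/2016:10:14:02 +0000] "GET /app/visLogin.jsp HTTP/1.1" 200 512
0:0:0:0:0:0:0:1 - - [05/Sep/2016:10:14:09 +0000] "GET /app/visLogin.jsp HTTP/1.1" 200 512
203.0.113.7 - - [05/Sep/2016:10:15:31 +0000] "GET /app/visLogin.jsp?x=1 HTTP/1.1" 200 512
203.0.113.7 - - [05/Sep/2016:10:16:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 3120
garbage line that does not parse
"""


def is_loopback(addr: str) -> bool:
    """True for any loopback literal (127.0.0.0/8, ::1 and its long form
    0:0:0:0:0:0:0:1). Unparseable addresses are treated as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one common-log-format line; None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_vislogin_from_loopback(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed entries for visLogin.jsp requests whose client
    address is loopback. These are the requests able to obtain a session
    without credentials; on a server where nobody should be logging in
    locally they deserve a look."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]       # drop any query string
        if path.lower().endswith("/vislogin.jsp") and is_loopback(entry["addr"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_vislogin_from_loopback(SAMPLE_LOG):
        print(hit["time"], hit["addr"], hit["method"], hit["path"], hit["status"])
```

On the constructed sample the function returns the two loopback hits (the IPv4 and the long-form IPv6 literal) and ignores the remote client and the unrelated page. If the application sits behind a reverse proxy that rewrites the client address, the address in this log is the proxy's view, so check the proxy's own log as well before drawing conclusions.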

References (6)

Core References
Third Party Advisory · Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php
Third Party Advisory · CXSecurity
https://cxsecurity.com/issue/WLB-2016090003
VDB Entry · IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/116488
Exploit · Packet Storm Security
https://packetstormsecurity.com/files/138571
Exploit · Exploit-DB
https://www.exploit-db.com/exploits/40327/
Third Party Advisory · VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp

Scores

CVSS v3 5.5
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-798
Status published
Products (1)
ZKTeco Inc./ZKTeco ZKBioSecurity 3.0.1.0_R_230
Published Mar 16, 2026
Tracked Since Mar 16, 2026