CVE-2017-14680

HIGH

ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14680. PoCs published by Arvind V.

AI-analyzed exploit summary: The exploit describes a broken authentication vulnerability in ZKTime Web 2.0, allowing unauthorized access to sensitive PDF reports containing employee data. The PoC provides direct URLs to these files, demonstrating the lack of proper authentication.

Description

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.

Exploits (1)

exploitdb WRITEUP
by Arvind V · text · webapps · windows
https://www.exploit-db.com/exploits/43019

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ZKTime Web 2.0.1.12280
Authentication: No auth needed
Prerequisites: Access to the target network or URL paths
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/bugtraq/2017/Sep/20
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Sep/39

Scores

CVSS v3 7.5
EPSS 0.0433
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (1)
zkteco/zktime_web 2.0.1.12280
Published Sep 21, 2017
Tracked Since Feb 18, 2026