CVE-2022-42953

HIGH EXPLOITED

ZKTeco ZEM and ZMM Firmware - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

CVE-2022-42953 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including RedTeam Pentesting GmbH.

AI-analyzed exploit summary The exploit details a missing authentication vulnerability in ZKTeco ZEM/ZMM devices, allowing unauthenticated access to sensitive employee data and credentials via specific URLs. The proof of concept demonstrates how to retrieve backup files and user details without authentication.

Description

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).

Exploits (1)

exploitdb WRITEUP

by RedTeam Pentesting GmbH · textwebappsjsp

https://www.exploit-db.com/exploits/51112

View Code ZIP pw:eip

The exploit details a missing authentication vulnerability in ZKTeco ZEM/ZMM devices, allowing unauthenticated access to sensitive employee data and credentials via specific URLs. The proof of concept demonstrates how to retrieve backup files and user details without authentication.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ZKTeco ZEM/ZMM 8.88 and below

No auth needed

Prerequisites: Network access to the vulnerable device

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Mailing List, Third Party Advisory

https://seclists.org/fulldisclosure/2022/Oct/23

Exploit, Third Party Advisory

https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses

Scores

CVSS v3 7.5

EPSS 0.0483

EPSS Percentile 90.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-01-06

CWE

CWE-425

Status published

Products (10)

zkteco/zem500_firmware < 8.88

zkteco/zem510_firmware < 8.88

zkteco/zem560_firmware < 8.88

zkteco/zem600_firmware < 8.88

zkteco/zem720_firmware < 8.88

zkteco/zem760_firmware < 8.88

zkteco/zem800_firmware < 8.88

zkteco/zmm200_firmware < 15.00

zkteco/zmm210_firmware < 15.00

zkteco/zmm220_firmware < 15.00

Published Dec 25, 2022

Tracked Since Feb 18, 2026