CVE-2023-38950

HIGH KEV NUCLEI

ZKTeco BioTime <9.0.120240617.19506 - Path Traversal

Title source: llm

Description

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.

Nuclei Templates (1)

ZKTeco BioTime v8.5.5 - Path Traversal
HIGHVERIFIEDby iamnoooob,pdresearch
Shodan: http.title:"biotime"
FOFA: title="biotime"

References (5)

Scores

CVSS v3 7.5
EPSS 0.8252
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2025-05-19
VulnCheck KEV 2025-05-02
ENISA EUVD EUVD-2023-42710
CWE
CWE-22
Status published
Products (1)
zkteco/biotime < 9.0.1
Published Aug 03, 2023
KEV Added May 19, 2025
Tracked Since Feb 18, 2026