CVE-2023-38952
HIGH | EXPLOITED | NUCLEI
ZKTeco BioTime <9.0.1 - Privilege Escalation
Title source: llmDescription
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges because, by default, session IDs are not validated against the type of user accessing the application. Privilege restrictions between non-admin and admin users are not enforced, so any authenticated user can invoke admin functions without restriction by making direct requests to administrative endpoints.
Nuclei Templates (1)
ZKTeco BioTime <= 9.0.1 - Privilege Escalation
HIGH | VERIFIED | by riteshs4hu
Shodan:
http.html:"ZKTeco Security"
FOFA:
body="ZKTeco Security"
Scores
CVSS v3: 7.5
EPSS: 0.1258
EPSS Percentile: 94.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2025-05-02
CWE: CWE-552
Status: published
Products (1)
zkteco/biotime 8.5.5
Published: Aug 03, 2023
Tracked Since: Feb 18, 2026