CVE-2023-3943

CRITICAL

ZkTeco-based OEM devices <1.8.25-7354-Ver1.0.0 - Buffer Overflow

Title source: llm

Description

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

References (1)

Core 1

Core References

Various Sources

https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md

View Writeup ZIP pw:eip

Scores

CVSS v3 10.0

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

ZkTeco/ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 ZAM170-NF-1.8.25-7354-Ver1.0.0

Published May 21, 2024

Tracked Since Feb 18, 2026