CVE-2023-3939
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
21/05/2024
Last modified:
21/05/2024
Description
Improper Neutralization of Special Elements used in an OS Command (&#39;OS <br />
Command Injection&#39;) vulnerability in ZkTeco-based OEM devices allows OS <br />
Command Injection. <br />
Since all the found command implementations are executed from the <br />
superuser, their impact is the maximum possible.<br />
This issue affects <br />
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec <br />
ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 <br />
and possibly other.
Impact
Base Score 3.x
10.00
Severity 3.x
CRITICAL