CVE-2023-3939

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
21/05/2024
Last modified:
21/05/2024

Description

Improper Neutralization of Special Elements used in an OS Command (&amp;#39;OS <br /> Command Injection&amp;#39;) vulnerability in ZkTeco-based OEM devices allows OS <br /> Command Injection. <br /> Since all the found command implementations are executed from the <br /> superuser, their impact is the maximum possible.<br /> This issue affects <br /> ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec <br /> ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 <br /> and possibly other.