CVE-2016-20029

MEDIUM EPSS 10.7%

Published Mar 16, 20263mo ago · Modified Jun 8, 20263w ago

6.9 CVSS 4.0

Medium

Published Mar 16, 2026 3mo ago

Last Modified Jun 8, 2026 3w ago

Description

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

CVSS Details

Base Score

6.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

10.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

References 6

cxsecurity.com https://cxsecurity.com/issue/WLB-2016090001
exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/116489
packetstormsecurity.com https://packetstormsecurity.com/files/138570
exploit-db.com https://www.exploit-db.com/exploits/40326/
vulncheck.com https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability
zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.