{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20029", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T12:37:00.981Z", "datePublished": "2026-03-15T13:35:26.328Z", "dateUpdated": "2026-06-08T15:11:47.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:11:47.680Z"}, "datePublic": "2016-08-31T00:00:00.000Z", "title": "ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability", "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Default Permissions", "cweId": "CWE-276", "type": "CWE"}]}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"version": "3.0.1.0_R_230", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016090001", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116489", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138570", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40326/", "name": "Reference", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability"}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20029", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:14:27.471423Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:20.265Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20029", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:14:27.471423Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:17:48.216Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"status": "affected", "version": "3.0.1.0_R_230"}]}], "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "datePublic": "2016-08-31T00:00:00.000Z", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016090001", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116489", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138570", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40326/", "name": "Reference", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability", "name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:11:47.680Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20029", "state": "PUBLISHED", "dateUpdated": "2026-06-08T15:11:47.680Z", "dateReserved": "2026-03-15T12:37:00.981Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-15T13:35:26.328Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources."}, {"lang": "es", "value": "ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de manipulaci\u00f3n de rutas de archivo que permite a los atacantes acceder a archivos arbitrarios modificando las rutas de archivo utilizadas para recuperar recursos locales. Los atacantes pueden manipular los par\u00e1metros de ruta para eludir los controles de acceso y recuperar informaci\u00f3n sensible, incluyendo archivos de configuraci\u00f3n, c\u00f3digo fuente y recursos de aplicaci\u00f3n protegidos."}], "id": "CVE-2016-20029", "lastModified": "2026-06-08T16:16:32.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T14:17:49.527", "references": [{"source": "disclosure@vulncheck.com", "url": "https://cxsecurity.com/issue/WLB-2016090001"}, {"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116489"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/138570"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40326/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.0_R_230"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "zkbiosecurity", "vendor": "zkteco"}], "analysis": {"en": {"generated_at": "2026-03-21T14:38:22.336038+00:00", "value": {"mitigation_remediation": ["Upgrade or apply vendor-published patch for ZKTeco ZKBioSecurity 3.0.", "If a patch is not available, restrict the administration interface to trusted internal IP addresses and block all other inbound traffic.", "Apply file permission restrictions to essential configuration files so only privileged processes can read them.", "Enable detailed logging for file access on the device and regularly review logs for suspicious activity.", "Follow the vendor's secure configuration guidelines and verify that path validation logic is correctly implemented."], "summary": {"action": "Immediate Patch", "impact": "Confidential data exposure by arbitrary file read"}, "threat_synthesis": {"affected_systems": "The flaw affects ZKTeco Inc. ZKBioSecurity 3.0. The affected version is 3.0; no narrower sub\u2011version information is available from the CNA. Any deployment of this product without a patch may be vulnerable.", "description_and_impact": "The vulnerability is a file path manipulation flaw in ZKTeco ZKBioSecurity 3.0. The application does not properly validate path parameters used to retrieve local resources, enabling an attacker to craft requests that point to arbitrary files on the system. By exploiting this flaw, an attacker can read sensitive files such as configuration files, source code, and other protected application resources. This leads to potential disclosure of credentials, configuration details, and other confidential data, thereby compromising the confidentiality of the system.", "risk_and_exploitability": "The CVSS score of 6.9 classifies this issue as moderate severity. The EPSS score is less than 1%, indicating a low likelihood of exploitation in the wild, and it is not listed in the CISA KEV catalog. The most probable attack vector is remote; the flaw can be triggered by sending crafted URL parameters to the device's web interface from an external network. Successful exploitation requires network connectivity to the administration interface, but no authentication is needed to read the protected files, making the vulnerability highly dangerous if exposed to untrusted networks."}}}}, "created": "2026-03-16T09:21:43.459676+00:00", "updated": "2026-03-23T14:01:47.276091+00:00", "vendors": ["zkteco", "zkteco$PRODUCT$zkbiosecurity"]}