{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20030", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T12:37:09.340Z", "datePublished": "2026-03-15T13:35:32.348Z", "dateUpdated": "2026-06-08T15:11:53.975Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:11:53.975Z"}, "datePublic": "2016-08-31T00:00:00.000Z", "title": "ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction", "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization", "cweId": "CWE-551", "type": "CWE"}]}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"version": "3.0.1.0_R_230", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116485", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138573", "name": "Packet Storm Security", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction"}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20030", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:14:00.622167Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:20.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20030", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:14:00.622167Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:17:46.042Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"status": "affected", "version": "3.0.1.0_R_230"}]}], "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "datePublic": "2016-08-31T00:00:00.000Z", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116485", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138573", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction", "name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-551", "description": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:11:53.975Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20030", "state": "PUBLISHED", "dateUpdated": "2026-06-08T15:11:53.975Z", "dateReserved": "2026-03-15T12:37:09.340Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-15T13:35:32.348Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses."}, {"lang": "es", "value": "ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de enumeraci\u00f3n de usuarios que permite a atacantes no autenticados descubrir nombres de usuario v\u00e1lidos al enviar caracteres parciales a trav\u00e9s del par\u00e1metro username. Los atacantes pueden enviar solicitudes al script authLoginAction!login.do con diferentes entradas de nombre de usuario para enumerar cuentas de usuario v\u00e1lidas bas\u00e1ndose en las respuestas de la aplicaci\u00f3n."}], "id": "CVE-2016-20030", "lastModified": "2026-06-08T16:16:32.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T14:17:49.727", "references": [{"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116485"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/138573"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-551"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.0_R_230"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "zkbiosecurity", "vendor": "zkteco"}], "analysis": {"en": {"generated_at": "2026-03-21T14:38:15.251445+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch or upgrade to the latest ZKBioSecurity firmware that eliminates the enumeration flaw.", "If a patch is not currently available, restrict network access to the authentication endpoint by firewall rules or IP filtering, allowing only trusted management traffic.", "Monitor authentication logs for repeated failed or partial username submissions and alert on suspicious activity.", "Consider disabling or relocating the authentication service behind a VPN to reduce exposure."], "summary": {"action": "Immediate Patch", "impact": "User enumeration"}, "threat_synthesis": {"affected_systems": "Both ZKTeco Inc. and its ZKBioSecurity access control system are affected. The vulnerability exists in version 3.0 of ZKBioSecurity. No other versions were listed, so only this specific release is known to be impacted.", "description_and_impact": "ZKTeco ZKBioSecurity 3.0 contains a vulnerability that allows an unauthenticated attacker to enumerate valid usernames by submitting partial username strings to the authLoginAction!login.do endpoint. The application returns distinguishable responses based on whether the supplied prefix matches an existing account, enabling enumeration of user identities. This user enumeration weakness can be leveraged to facilitate subsequent credential guessing or phishing attacks, compromising confidentiality and enabling targeted attacks. This vulnerability is an example of CWE\u2011551.", "risk_and_exploitability": "With a CVSS score of 9.3 the flaw is considered critical, yet the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not cataloged in the CISA KEV list. An attacker can exploit it remotely by sending HTTP requests over the network to the affected device, provided the authLoginAction!login.do endpoint is reachable. Due to the lack of authentication, any network participant could begin enumeration, which can be automated via scripts."}}}}, "created": "2026-03-16T09:21:41.926104+00:00", "updated": "2026-03-23T14:01:46.382109+00:00", "vendors": ["zkteco", "zkteco$PRODUCT$zkbiosecurity"]}