Advisory

Kaspersky reports multiple flaws, including critical ones, in ZKTeco biometric access control terminals

Take action: If you are using ZKTeco biometric access control terminals, make sure they are isolated from the internet and placed in a trusted, secure network segment. Then contact your vendor for updated firmware.


Learn More

Kaspersky has identified a series of vulnerabilities, several of them critical, in ZKTeco biometric access control terminals.

The ZKTeco biometric access control terminal is a hybrid device that grants access through facial biometrics or QR codes. The product is often white-labeled and sold under various names by different distributors, is widely used in high-security environments, including nuclear power plants, and can store thousands of facial templates.

The vulnerabilities are:

  • CVE-2023-3938 (CVSS score 4.6) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database.
  • CVE-2023-3939 (CVSS score 10) - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all of the affected command handlers run as the superuser, the impact is the maximum possible.
  • CVE-2023-3940 (CVSS score 7.5) - Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system.
  • CVE-2023-3941 (CVSS score 10) - Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges.
  • CVE-2023-3942 (CVSS score 7.5) - An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. In some cases it allows an attacker to impersonate another user or perform unauthorized actions; in others it allows the attacker to read user data and system parameters from the database.
  • CVE-2023-3943 (CVSS score 10) - Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
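
The SQL injection entries (CVE-2023-3938, CVE-2023-3942) and the path traversal entries (CVE-2023-3940, CVE-2023-3941) above are two instances of the same root cause: input the device did not neutralize reaches an SQL interpreter or a filesystem call. The Python below is an added illustration of those two bug classes, each shown vulnerable and hardened, against a hypothetical model. It is not ZKTeco firmware and not code from Kaspersky's research; the user table, the QR token format, the directory paths and all function names are assumptions made for the example.

```python
import os
import sqlite3

# Constructed sample rows standing in for a terminal's user database.
# The schema and the token format are assumptions for this illustration.
SAMPLE_USERS = [
    (1, "alice", "QR-1111"),
    (2, "bob", "QR-2222"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, qr_token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, token):
    """Vulnerable: the token decoded from a scanned QR code is spliced into SQL.

    A token such as  ' OR name = 'alice' --  turns the WHERE clause into
    qr_token = '' OR name = 'alice', so the scanner is matched to alice
    without ever knowing her token (the bug class behind CVE-2023-3938).
    """
    query = f"SELECT id, name FROM users WHERE qr_token = '{token}'"
    return conn.execute(query).fetchone()


def lookup_user_safe(conn, token):
    """Hardened: the token is bound as a parameter and compared literally."""
    return conn.execute(
        "SELECT id, name FROM users WHERE qr_token = ?", (token,)
    ).fetchone()


def resolve_path_vulnerable(base_dir, requested):
    """Vulnerable: a relative name from the request is joined and used as-is.

    '../../../etc/passwd' walks out of base_dir (the bug class behind
    CVE-2023-3940); the same flaw on a write path gives the CVE-2023-3941 class.
    """
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_path_safe(base_dir, requested):
    """Hardened: resolve both paths and refuse anything outside base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return target


if __name__ == "__main__":
    db = make_db()
    payload = "' OR name = 'alice' --"
    print("vulnerable lookup:", lookup_user_vulnerable(db, payload))  # (1, 'alice')
    print("safe lookup:     ", lookup_user_safe(db, payload))        # None
    print("vulnerable path: ",
          resolve_path_vulnerable("/srv/terminal/data", "../../../etc/passwd"))  # /etc/passwd
    try:
        resolve_path_safe("/srv/terminal/data", "../../../etc/passwd")
    except ValueError as exc:
        print("safe path:       ", exc)
```

The hardened path check only limits what a request can name; it does not change what the process is allowed to touch. The advisory's point that the affected handlers run as the superuser is what turns a write-anywhere bug into full compromise, so dropping privileges on the device matters as much as validating the input.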

The flaws affect ZKTeco-based OEM devices (ZKTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) running firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, and possibly other versions. ZKTeco has yet to comment on these findings.

Since it is not clear whether ZKTeco has released patches, users should isolate the biometric devices in their own network segment, replace default passwords with strong ones, update the firmware regularly, and audit the security settings regularly.