CVE-2016-20024
CriticalCVSS 9.8Summary
ZKTeco ZKTime.Net version 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries.
Risk Assessment
This vulnerability poses a risk of privilege escalation, which could lead to unauthorized access to the system and its resources. The organization may be exposed to serious data security threats.
Recommendation
It is recommended to review and adjust file permissions in the ZKTimeNet3.0 directory to prevent unauthorized users from modifying executable files. A security audit of the system should also be conducted to identify and mitigate potential threats.
Original NVD description (English source)
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

