CVE-2016-20029
MediumCVSS 6.2Summary
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources.
Risk Assessment
Attackers can bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources, posing a serious threat to organizational security.
Recommendation
It is recommended to update ZKTeco ZKBioSecurity to the latest version and implement additional security measures to minimize the risk of file path manipulation.
Original NVD description (English source)
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

