ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
Send the following request as an authenticated user.A copy is available here Don't forget to update cookies.