CVE-2016-20024
Published: 2026-03-16 · Last updated: 2026-06-08
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-538
Description
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-20024
- Other: https://cxsecurity.com/issue/WLB-2016080264
- Other: https://exchange.xforce.ibmcloud.com/vulnerabilities/116487
- Other: https://packetstormsecurity.com/files/138565
- Other: https://www.exploit-db.com/exploits/40322/
- Other: https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation
- Other: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php
Related CVEs
Same CWE
- CVE-2026-50099 — During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed ... (4.6 MEDIUM)
- CVE-2026-50565 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (4.9 MEDIUM)
- CVE-2026-46617 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes
- CVE-2026-29114 — A vulnerability has been found in some Dahua products
- CVE-2019-25717 — Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated n... (4.3 MEDIUM)