CVE-2016-20029
6.2 MEDIUMZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying fil...
Published: 2026-03-16 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 6.2 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-276
Description
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2016-20029
- [Other]https://cxsecurity.com/issue/WLB-2016090001
- [Other]https://exchange.xforce.ibmcloud.com/vulnerabilities/116489
- [Other]https://packetstormsecurity.com/files/138570
- [Other]https://www.exploit-db.com/exploits/40326/
- [Other]https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability
- [Other]https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php
Related CVEs
Same CWE
- CVE-2026-50255 — Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier (6.7 MEDIUM)
- CVE-2026-11931 — Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to ... (5.5 MEDIUM)
- CVE-2026-49157 — Incorrect Default Permissions vulnerability in Apache ActiveMQ (8.8 HIGH)
- CVE-2026-48191 — An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules... (3.5 LOW)
- CVE-2026-48190 — An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query ... (3.5 LOW)