CVE-2016-20029 - Vulnerability Details

- ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Description

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

Published: 2026-03-15

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a file path manipulation flaw in ZKTeco ZKBioSecurity 3.0. The application does not properly validate path parameters used to retrieve local resources, enabling an attacker to craft requests that point to arbitrary files on the system. By exploiting this flaw, an attacker can read sensitive files such as configuration files, source code, and other protected application resources. This leads to potential disclosure of credentials, configuration details, and other confidential data, thereby compromising the confidentiality of the system.

Affected Systems

The flaw affects ZKTeco Inc. ZKBioSecurity 3.0. The affected version is 3.0; no narrower sub‑version information is available from the CNA. Any deployment of this product without a patch may be vulnerable.

Risk and Exploitability

The CVSS score of 6.9 classifies this issue as moderate severity. The EPSS score is less than 1%, indicating a low likelihood of exploitation in the wild, and it is not listed in the CISA KEV catalog. The most probable attack vector is remote; the flaw can be triggered by sending crafted URL parameters to the device's web interface from an external network. Successful exploitation requires network connectivity to the administration interface, but no authentication is needed to read the protected files, making the vulnerability highly dangerous if exposed to untrusted networks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ZKTeco Inc.

ZKTeco ZKBioSecurity

affected

Version	Status	Constraints
`3.0.1.0_R_230`	affected	—

No data.

Vendor Product Confidence Versions

Zkteco

Zkbiosecurity

95%

Version	Status	Scheme	Platform
`3.0.1.0_R_230`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade or apply vendor-published patch for ZKTeco ZKBioSecurity 3.0.
If a patch is not available, restrict the administration interface to trusted internal IP addresses and block all other inbound traffic.
Apply file permission restrictions to essential configuration files so only privileged processes can read them.
Enable detailed logging for file access on the device and regularly review logs for suspicious activity.
Follow the vendor's secure configuration guidelines and verify that path validation logic is correctly implemented.

Generated by OpenCVE AI on March 21, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://cxsecurity.com/issue/WLB-2016090001
https://exchange.xforce.ibmcloud.com/vulnerabilities/116489
https://packetstormsecurity.com/files/138570
https://www.exploit-db.com/exploits/40326/
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php

History

Mon, 16 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zkteco Zkteco zkbiosecurity
Vendors & Products		Zkteco Zkteco zkbiosecurity

Sun, 15 Mar 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.
Title		ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
Weaknesses		CWE-276
References		https://cxsecurity.com/issue/WLB-2016090001 https://exchange.xforce.ibmcloud.com/vulnerabilities/116489 https://packetstormsecurity.com/files/138570 https://www.exploit-db.com/exploits/40326/ https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Zkteco Zkbiosecurity

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-15T13:35:26.328Z

Updated: 2026-03-16T14:20:20.265Z

Reserved: 2026-03-15T12:37:00.981Z

Link: CVE-2016-20029

Vulnrichment

Updated: 2026-03-16T14:17:48.216Z

NVD

Status : Deferred

Published: 2026-03-16T14:17:49.527

Modified: 2026-04-15T14:56:45.970

Link: CVE-2016-20029

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T14:01:47Z

Weaknesses

CWE-276

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object