CVE-2016-20031 - Vulnerability Details

- ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp

Description

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.

Published: 2026-03-15

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in ZKTeco ZKBioSecurity 3.0 lies in the visLogin.jsp page, which allows an attacker to bypass local authorization by forging a request that appears to originate from the localhost. The application’s EnvironmentUtil.getClientIp() method incorrectly treats the IPv6 loopback address 0:0:0:0:0:0:0:1 as the IPv4 address 127.0.0.1. When this spoofed IP is submitted, the system accepts it as a username and permits login with the hardcoded password 123456, thereby granting access to sensitive information and enabling the execution of unauthorized actions.

Affected Systems

Affected are installations of ZKTeco Inc.’s ZKBioSecurity product, specifically version 3.0. No other versions are listed, so the risk applies to that release only.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.8 and an EPSS probability of less than 1%, indicating moderate severity and low overall exploitation likelihood. It is not catalogued as a known exploited vulnerability. The attack vector requires an entity able to craft a request that mimics a localhost connection, which could be possible from an internal network or a machine with network access to the device. If the device is exposed to external networks, the risk could increase but the requirement for loopback spoofing still limits widespread exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ZKTeco Inc.

ZKTeco ZKBioSecurity

affected

Version	Status	Constraints
`3.0.1.0_R_230`	affected	—

No data.

Vendor Product Confidence Versions

Zkteco

Zkbiosecurity

95%

Version	Status	Scheme	Platform
`3.0.1.0_R_230`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest ZKBioSecurity firmware update from ZKTeco that patches the visLogin.jsp authorization bypass
If an immediate update is unavailable, block or restrict access to visLogin.jsp using network firewall rules or internal access controls
Configure the system to reject IPv6 loopback addresses or enforce strict IP validation before authentication
Change the hardcoded password from 123456 to a unique, complex value and enforce a password policy
Monitor authentication logs for anomalous login attempts from local or privileged IP addresses

Generated by OpenCVE AI on March 21, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00006.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://cxsecurity.com/issue/WLB-2016090003
https://exchange.xforce.ibmcloud.com/vulnerabilities/116488
https://packetstormsecurity.com/files/138571
https://www.exploit-db.com/exploits/40327/
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php

History

Mon, 16 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zkteco Zkteco zkbiosecurity
Vendors & Products		Zkteco Zkteco zkbiosecurity

Sun, 15 Mar 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.
Title		ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp
Weaknesses		CWE-798
References		https://cxsecurity.com/issue/WLB-2016090003 https://exchange.xforce.ibmcloud.com/vulnerabilities/116488 https://packetstormsecurity.com/files/138571 https://www.exploit-db.com/exploits/40327/ https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Zkteco Zkbiosecurity

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-15T13:35:35.350Z

Updated: 2026-03-16T14:20:19.921Z

Reserved: 2026-03-15T12:37:20.074Z

Link: CVE-2016-20031

Vulnrichment

Updated: 2026-03-16T14:17:43.656Z

NVD

Status : Deferred

Published: 2026-03-16T14:17:49.920

Modified: 2026-04-15T14:56:45.970

Link: CVE-2016-20031

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T14:01:45Z

Weaknesses

CWE-798

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object