{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20024", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T12:36:03.511Z", "datePublished": "2026-03-15T13:35:11.360Z", "dateUpdated": "2026-03-16T14:20:21.142Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-15T13:35:11.360Z"}, "datePublic": "2016-08-30T00:00:00.000Z", "title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation", "descriptions": [{"lang": "en", "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory", "cweId": "CWE-538", "type": "CWE"}]}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKTime.Net", "versions": [{"version": "3.0.1.6", "status": "affected"}, {"version": "3.0.1.5 (160622)", "status": "affected"}, {"version": "3.0.1.1 (160216)", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016080264", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138565", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40322/", "name": "Reference", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20024", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T14:15:52.330964Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:21.142Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20024", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T14:15:52.330964Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:18:00.739Z"}}], "cna": {"title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKTime.Net", "versions": [{"status": "affected", "version": "3.0.1.6"}, {"status": "affected", "version": "3.0.1.5 (160622)"}, {"status": "affected", "version": "3.0.1.1 (160216)"}]}], "datePublic": "2016-08-30T00:00:00.000Z", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016080264", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138565", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40322/", "name": "Reference", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation", "name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-15T13:35:11.360Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20024", "state": "PUBLISHED", "dateUpdated": "2026-03-16T14:20:21.142Z", "dateReserved": "2026-03-15T12:36:03.511Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-15T13:35:11.360Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."}, {"lang": "es", "value": "ZKTeco ZKTime.Net 3.0.1.6 contiene una vulnerabilidad de permisos de archivo inseguros que permite a usuarios sin privilegios realizar una escalada de privilegios mediante la modificaci\u00f3n de archivos ejecutables. Los atacantes pueden explotar los permisos de escritura global (world-writable) en el directorio ZKTimeNet3.0 y su contenido para reemplazar archivos ejecutables con binarios maliciosos para la escalada de privilegios."}], "id": "CVE-2016-20024", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T14:17:48.350", "references": [{"source": "disclosure@vulncheck.com", "url": "https://cxsecurity.com/issue/WLB-2016080264"}, {"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/138565"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40322/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.5 (160622)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.1 (160216)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "zktime.net", "vendor": "zkteco"}], "analysis": {"en": {"generated_at": "2026-03-21T15:07:01.022977+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011issued patch or upgrade ZKTime.Net to a version newer than 3.0.1.6", "Remove world\u2011writable permissions from the ZKTimeNet3.0 directory and all contained files", "Set the directory and executable files to root ownership with 755 permissions", "Verify that only privileged users can write to the service folder"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via Insecure File Permissions"}, "threat_synthesis": {"affected_systems": "ZKTeco Inc. delivers the ZKTeco ZKTime.Net product, and the affected version is 3.0.1.6. The issue resides in the ZKTimeNet3.0 directory, which is world\u2011writable and contains executable files that can be altered by non\u2011privileged users.", "description_and_impact": "This vulnerability stems from insecure file permissions that allow an unprivileged user to modify executable files within the ZKTimeNet3.0 directory. By replacing the original binaries with malicious ones, an attacker can obtain elevated privileges. The weakness aligns with CWE\u2011538, a high\u2011severity flaw that directly enables privilege escalation.", "risk_and_exploitability": "The CVSS score of 9.3 denotes severe risk while the EPSS score of less than 1% indicates a low probability of exploitation. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. An attacker would need local access to the system and can exploit the world\u2011writable permission on the service directory to replace binaries, thereby gaining system\u2011wide administrative rights."}}}}, "created": "2026-03-16T09:21:51.015978+00:00", "updated": "2026-03-23T14:01:52.060369+00:00", "vendors": ["zkteco", "zkteco$PRODUCT$zktime.net"]}