{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3939", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "state": "PUBLISHED", "assignerShortName": "Kaspersky", "dateReserved": "2023-07-25T13:51:45.777Z", "datePublished": "2024-05-21T09:45:00.639Z", "dateUpdated": "2024-08-02T07:08:50.765Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0", "vendor": "ZkTeco", "versions": [{"status": "affected", "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nImproper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"}], "value": "Improper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2024-05-21T10:11:07.376Z"}, "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2023-04-27T21:00:00.000Z", "value": "Vulnerability discovered."}, {"lang": "en", "time": "2023-09-19T14:00:00.000Z", "value": "Initial request to PSIRT@zkteco.com."}, {"lang": "en", "time": "2023-10-03T13:18:00.000Z", "value": "Follow-up with PSIRT@zkteco.com due to no initial response."}, {"lang": "en", "time": "2023-12-20T10:46:00.000Z", "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."}, {"lang": "en", "time": "2024-05-21T09:44:00.000Z", "value": "No response from vendor; CVE details added to CVE.org."}], "title": "Multiple command injection in ZkTeco-based OEM devices", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-21T15:01:31.459687Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "facedepot_7b", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "smartec_st_fr043", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "smartec_st_fr041me", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:32.124Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.765Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.765Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-21T15:01:31.459687Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "facedepot_7b", "versions": [{"status": "affected", "version": "-", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "smartec_st_fr043", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "smartec_st_fr041me", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T15:01:38.235Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Multiple command injection in ZkTeco-based OEM devices", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZkTeco", "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0", "versions": [{"status": "affected", "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"}], "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2023-04-27T21:00:00.000Z", "value": "Vulnerability discovered."}, {"lang": "en", "time": "2023-09-19T14:00:00.000Z", "value": "Initial request to PSIRT@zkteco.com."}, {"lang": "en", "time": "2023-10-03T13:18:00.000Z", "value": "Follow-up with PSIRT@zkteco.com due to no initial response."}, {"lang": "en", "time": "2023-12-20T10:46:00.000Z", "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."}, {"lang": "en", "time": "2024-05-21T09:44:00.000Z", "value": "No response from vendor; CVE details added to CVE.org."}], "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.", "supportingMedia": [{"type": "text/html", "value": "\nImproper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2024-05-21T10:11:07.376Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3939", "state": "PUBLISHED", "dateUpdated": "2024-08-02T07:08:50.765Z", "dateReserved": "2023-07-25T13:51:45.777Z", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "datePublished": "2024-05-21T09:45:00.639Z", "assignerShortName": "Kaspersky"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en dispositivos OEM basados en ZkTeco permite la inyecci\u00f3n de comando del sistema operativo. Dado que todas las implementaciones de comandos encontradas se ejecutan desde el superusuario, su impacto es el m\u00e1ximo posible. Este problema afecta a los dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros."}], "id": "CVE-2023-3939", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}, "published": "2024-05-21T10:15:09.683", "references": [{"source": "vulnerability@kaspersky.com", "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}

{}

{}