Path Traversal Vulnerability in ZKTeco BioTime v8.5.5 Allows Arbitrary File Writing via Malicious SFTP Configuration

Path Traversal Vulnerability in ZKTeco BioTime v8.5.5 Allows Arbitrary File Writing via Malicious SFTP Configuration

CVE-2023-38951 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.

Learn more about our Iot Penetration Testing.