Unauthenticated Information Disclosure in ZKTeco BioAccess IVS v3.3.1

Unauthenticated Information Disclosure in ZKTeco BioAccess IVS v3.3.1

CVE-2023-38955 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.

Learn more about our Web Application Penetration Testing UK.