CVE-2023-38952 Information

Description

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.

Reference

https://claroty.com/team82/disclosure-dashboard/cve-2023-38952 http://zkteco.com