ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid crede

ZKTECO

16-03-2026 11:20

CVE-2016-20031 Vulnerabilidad documentada

Sin puntuación

Tags

#exploit

#using

#form

#add

#zkteco

#vulnerability

#attackers

#bypass

#security

#pass

#password

#allow

#attack

#access

#unauthorized

Descripción

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using IP username with hardcoded password 123456 access sensitive information perform unauthorized actions.

https://cxsecurity.com/issue/WLB-2016090003

https://exchange.xforce.ibmcloud.com/vulnerabilities/116488

https://packetstormsecurity.com/files/138571

https://www.exploit-db.com/exploits/40327/

https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2016-20031

Resultados similares

Coincidentes en almenos en 50% de los tags

16-03-2026 CVE-2016-20032
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that...
Ver información

16-03-2026 CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated ...
Ver información