ZKTeco · ZKBio CVSecurity V5000 · CVE-2022-36634
**Name of the Vulnerable Software and Affected Versions**
ZKTeco ZKBioSecurity V5000 version 3.0.5 r
**Description**
An access control issue allows attackers to arbitrarily create admin users via a crafted HTTP request.
**Recommendations**
For ZKTeco ZKBioSecurity V5000 version 3.0.5 r, consider restricting access to the admin user creation functionality until a patch is available. As a temporary workaround, monitor user account creations closely to detect and respond to potential unauthorized admin user additions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
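One way to carry out the monitoring workaround above, as an added example that is not ZKTeco's code or tooling: it compares two exports of the account list and reports admin accounts that are new, newly promoted, or missing from an approved list. The CSV columns, role names and account names are constructed assumptions; the product's real export format is not described on this page.

```python
import csv
import io

# Constructed sample data: two exports of the account list taken at different times.
# Column names (username, role, created) are assumed, not the product's schema.
BASELINE_CSV = """username,role,created
admin,superuser,2022-01-10T09:00:00
jsmith,operator,2022-03-02T14:12:00
"""
CURRENT_CSV = """username,role,created
admin,superuser,2022-01-10T09:00:00
jsmith,superuser,2022-03-02T14:12:00
svc_backup,superuser,2022-08-20T03:41:00
"""

ADMIN_ROLES = {"superuser", "administrator"}  # assumed role names
APPROVED_ADMINS = {"admin"}                   # change-controlled allowlist (assumed)


def load(text):
    """Return {normalised username: normalised role} from a CSV export."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["username"].strip().lower(): r["role"].strip().lower() for r in rows}


def audit(baseline_text, current_text):
    """Return sorted (username, finding) pairs for admin accounts needing review."""
    before, now = load(baseline_text), load(current_text)
    findings = []
    for user, role in sorted(now.items()):
        if role not in ADMIN_ROLES or user in APPROVED_ADMINS:
            continue  # not an admin, or an admin that was explicitly approved
        if user not in before:
            findings.append((user, "new admin account"))
        elif before[user] not in ADMIN_ROLES:
            findings.append((user, "role raised to admin"))
        else:
            findings.append((user, "unapproved admin present in baseline"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(BASELINE_CSV, CURRENT_CSV):
        print(f"REVIEW {user}: {finding}")
```

Checking the account list itself, rather than only the application's record of who created an account, keeps the check independent of the request path used to add the user.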