CVE-2023-4587

Name of the Vulnerable Software and Affected Versions ZKTeco ZEM800 version 6.60

Description An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Recommendations For version 6.60, consider restricting access to the device configuration files and registered user backup files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the access to the local network and VPN server to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.