PT-2024-4481 · ZkTeco, Smartec · ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME

Georgy Kiguradze · Published 2024-05-21 · Updated 2024-05-22 · CVE-2023-3940

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ZkTeco ProFace X versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others
Smartec ST-FR043 versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others
Smartec ST-FR041ME versions ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others

Description

The issue is related to errors in processing relative paths to directories, allowing an attacker to bypass security restrictions and gain unauthorized access to protected information. This vulnerability enables an attacker to access any file on the system.

Recommendations

For ZkTeco ProFace X version ZAM170-NF-1.8.25-7354-Ver1.0.0, consider disabling access to sensitive files until a patch is available.
For Smartec ST-FR043 version ZAM170-NF-1.8.25-7354-Ver1.0.0, restrict access to the file system to minimize the risk of exploitation.
For Smartec ST-FR041ME version ZAM170-NF-1.8.25-7354-Ver1.0.0, avoid using relative paths in directory processing until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Relative Path Traversal

Related Identifiers

BDU:2024-04984
CVE-2023-3940

Affected Products

Smartec ST-FR041ME
Smartec ST-FR043
ZkTeco ProFace X