CVE-2023-3943

Name of the Vulnerable Software and Affected Versions: ZkTeco ProFace X versions prior to the fixed version Smartec ST-FR043 versions prior to the fixed version Smartec ST-FR041ME versions prior to the fixed version ZkTeco-based OEM devices versions prior to the fixed version ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others

Description: The issue is related to a stack-based buffer overflow vulnerability in ZkTeco-based OEM devices, which can allow the execution of arbitrary code due to the lack of protection mechanisms such as stack canaries and PIE. This vulnerability can be exploited by a remote attacker.

Recommendations: For ZkTeco ProFace X, update to a version that includes the fix for this issue. For Smartec ST-FR043, update to a version that includes the fix for this issue. For Smartec ST-FR041ME, update to a version that includes the fix for this issue. For ZkTeco-based OEM devices, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling any functionality that may be using the vulnerable code until a patch is available. Restrict access to the devices to minimize the risk of exploitation.