CVE-2016-20026

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0

Description The software contains hardcoded credentials within the Apache Tomcat server, enabling unauthenticated attackers to access the manager application. Attackers can use these credentials, found in the tomcat-users.xml file, to upload malicious WAR archives containing JSP applications. Successful exploitation allows for the execution of arbitrary code with SYSTEM privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.