CVE-2016-20026 in ZKBioSecurity信息

摘要

由 MITRE • 2026-03-16

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

VulnCheck

预定

2026-03-15

披露

2026-03-16

管理

已接受

条目

VDB-351126

CPE

准备好

CWE

CWE-798 (已确认)

CVSS

9.8 (CNA)

EPSS

0.00075

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20026
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20026
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20026/

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!