CVE-2016-20031 in ZKBioSecurity信息

摘要

由 MITRE • 2026-03-16

ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

VulnCheck

预定

2026-03-15

披露

2026-03-16

管理

已接受

条目

VDB-351133

CPE

准备好

CWE

CWE-798 (已确认)

CVSS

5.5 (CNA)

EPSS

0.00006

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20031
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20031
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20031/

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!