CVE-2016-20025 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying execu…
High CVSS: 8.7

CVE-2016-20025

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
Vendor
-
Product
-
CWE
CWE-552
Yayın Tarihi
2026-03-16 14:17:48
Güncelleme
2026-03-16 14:53:46
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-552 HIGH 2026

Referanslar

https://cxsecurity.com/issue/WLB-2016080265 https://exchange.xforce.ibmcloud.com/vulnerabilities/116486 https://packetstormsecurity.com/files/138566 https://www.exploit-db.com/exploits/40323/ https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php