Read Time:23 Second
Posted by RedTeam Pentesting GmbH on Oct 24
Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface
The ZKTeco time attendance device does not require authentication to use the
web interface, exposing the database of employees and their credentials.
Details
=======
Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM
Affected Versions: potentially versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210)
Fixed Versions: firmware version 8.88…