Category Archives: Advisories

[RT-SA-2021-003] Missing Authentication in ZKTeco ZEM/ZMM Web Interface

Read Time:23 Second

Posted by RedTeam Pentesting GmbH on Oct 24

Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface

The ZKTeco time attendance device does not require authentication to use the
web interface, exposing the database of employees and their credentials.

Details
=======

Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM
Affected Versions: potentially versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210)
Fixed Versions: firmware version 8.88…

Read More