CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cxsecurity.com/issue/WLB-2016090001
https://exchange.xforce.ibmcloud.com/vulnerabilities/116489
https://packetstormsecurity.com/files/138570
https://www.exploit-db.com/exploits/40326/
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de manipulación de rutas de archivo que permite a los atacantes acceder a archivos arbitrarios modificando las rutas de archivo utilizadas para recuperar recursos locales. Los atacantes pueden manipular los parámetros de ruta para eludir los controles de acceso y recuperar información sensible, incluyendo archivos de configuración, código fuente y recursos de aplicación protegidos.

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-04-15 14:56

NVD link : CVE-2016-20029

Mitre link : CVE-2016-20029

CVE.ORG link : CVE-2016-20029

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2016-20029", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:49.527", "references": [{"url": "https://cxsecurity.com/issue/WLB-2016090001", "source": "disclosure@vulncheck.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116489", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/138570", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/40326/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerability", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources."}, {"lang": "es", "value": "ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de manipulaci\u00f3n de rutas de archivo que permite a los atacantes acceder a archivos arbitrarios modificando las rutas de archivo utilizadas para recuperar recursos locales. Los atacantes pueden manipular los par\u00e1metros de ruta para eludir los controles de acceso y recuperar informaci\u00f3n sensible, incluyendo archivos de configuraci\u00f3n, c\u00f3digo fuente y recursos de aplicaci\u00f3n protegidos."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}