Publicly reported data breaches in major news outlets or official reports

Kaspersky Lab Finds 24 Critical Flaws in ZKTeco Biometric System, Highlighting Authentication Risks

Jun 14, 2024, 08:09 AM

Researchers at Kaspersky Lab have discovered 24 critical vulnerabilities in ZKTeco's biometric access system. These flaws include remote command injection, arbitrary file read and write, and QR code SQL injection. The vulnerabilities allow attackers to bypass authentication, steal data, and deploy backdoors, posing significant security risks. The findings highlight the importance of addressing security weaknesses in biometric systems to prevent unauthorized access and data breaches. A demo of the vulnerabilities was included.