CVE Vulnerability Details: CVE-2016-20024
PUBLISHED
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 15 Mar, 2026 | 13:35
Updated At: 08 Jun, 2026 | 15:11
CVE Numbering Authority (CNA)
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Affected Products
Vendor: ZKTeco Inc.
Product: ZKTeco ZKTime.Net
Versions affected:
  • 3.0.1.6
  • 3.0.1.5 (160622)
  • 3.0.1.1 (160216)
Problem Types
Type: CWE
CWE ID: CWE-538
Description: Insertion of Sensitive Information into Externally-Accessible File or Directory
Metrics
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Solutions

The affected software ZKTime.Net has been officially discontinued. It is recommended that all users switch to using ZKBio Time.Net software. ZKBio Time.Net has fixed this vulnerability. It is recommended that users use the latest version of ZKBio Time.Net to eliminate the risk.

Credits

finder: LiquidWorm as Gjoko Krstic of Zero Science Lab
References
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php
Resource: third-party-advisory
Hyperlink: https://cxsecurity.com/issue/WLB-2016080264
Resource: third-party-advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/116487
Resource: vdb-entry
Hyperlink: https://packetstormsecurity.com/files/138565
Resource: exploit
Hyperlink: https://www.exploit-db.com/exploits/40322/
Resource: exploit
Hyperlink: https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation
Resource: third-party-advisory
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment