CVE-2016-20029
File Path Manipulation in ZKTeco ZKBioSecurity 3.0 Enables Data Exposure
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zkteco | zkbiosecurity | 3.0.1.0_r_230 |
| zkteco | zkbiosecurity | up to and including 3.0.1.0_R_230 |
| zkteco | zkbiosecurity | 1.0.1.0_r_1916 |
| zkteco | zkbiosecurity | 6.0.1.0_r_1757 |
| zkteco | zkbiosecurity | 2.0.1.0_r_777 |
| zkteco | zkbiosecurity | 2.0.1.0_r_877 |
| zkteco | zkbiosecurity | 2.0.1.0_r_489 |
| zkteco | zkbiosecurity | 1.0.1.0_r_197 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2016-20029 is a file path manipulation vulnerability in ZKTeco ZKBioSecurity 3.0, a web-based security platform integrating access control, video linkage, elevator control, and visitor management modules.
This vulnerability allows attackers to manipulate file path parameters used by the application to retrieve local resources. By injecting or modifying these path parameters, attackers can bypass access controls and access arbitrary files on the system.
Exploitation can lead to unauthorized disclosure of sensitive information such as application configuration files, server-executable script source code, and protected application resources that are normally inaccessible.
An example exploit involves accessing crafted URLs that traverse directories to reach protected files, such as retrieving the web.xml configuration file from the WEB-INF directory.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to gain unauthorized access to sensitive files on your system.
- Disclosure of sensitive configuration files that may contain critical system or application settings.
- Exposure of source code for server-executable scripts, which could aid attackers in crafting further attacks.
- Access to protected application resources that are not normally accessible, potentially revealing internal workings or sensitive data.
Such unauthorized access can compromise the confidentiality of your system and may lead to further exploitation or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access sensitive files through manipulated URL parameters that perform directory traversal, for example by crafting a URL that includes path traversal sequences to reach protected files such as configuration files.
A demonstrated command to test this vulnerability is to use a web browser or a tool like curl or wget to request a URL similar to the following:
- `curl "http://<target-ip>:8088/baseAction!getPageXML.action?xmlPath=/vid/../WEB-INF/web.xml"`
If the server responds with the contents of the protected file (e.g., web.xml), it indicates the vulnerability is present. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable web application to trusted networks only, such as limiting access via firewall rules or network segmentation.
Additionally, monitor and block suspicious requests that contain directory traversal patterns in URL parameters.
Applying any available patches or updates from the vendor that address this file path manipulation vulnerability is recommended once they become available.
If patches are not available, consider disabling or restricting the affected modules or services until a fix can be applied.
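As a defender-side complement to the detection and mitigation answers above, here is an added example (not from the advisory or the vendor) that scans web-server access logs for requests to the `getPageXML.action` endpoint whose `xmlPath` parameter, after undoing repeated percent-encoding, contains a traversal segment or resolves under `WEB-INF`. It generalises beyond the single URL on the page to encoded and direct `WEB-INF` variants; the combined-log format, the sample lines and the `vidMain.xml` file name are constructed assumptions.

```python
"""Flag directory-traversal attempts against the ZKBioSecurity xmlPath
parameter in access logs.  Added example, not vendor code; log format
and sample lines below are constructed."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format log entry: "GET /path?query HTTP/1.1"
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
VULN_ACTION = "/baseAction!getPageXML.action"   # endpoint named in the advisory
PARAM = "xmlPath"

# Constructed sample lines: one benign request, two traversal attempts
# (plain and double-encoded), one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Mar/2026:10:00:01 +0000] "GET /baseAction!getPageXML.action?xmlPath=/vid/vidMain.xml HTTP/1.1" 200 512',
    '10.0.0.9 - - [16/Mar/2026:10:00:02 +0000] "GET /baseAction!getPageXML.action?xmlPath=/vid/../WEB-INF/web.xml HTTP/1.1" 200 4096',
    '10.0.0.9 - - [16/Mar/2026:10:00:03 +0000] "GET /baseAction!getPageXML.action?xmlPath=%2Fvid%2F%252e%252e%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 4096',
    '10.0.0.7 - - [16/Mar/2026:10:00:04 +0000] "GET /login.jsp HTTP/1.1" 200 1200',
]

def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %252e%252e/ is seen as ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(xml_path: str) -> bool:
    """True if the decoded xmlPath has a '..' segment or lands under WEB-INF."""
    decoded = fully_decode(xml_path).replace("\\", "/")
    if ".." in decoded.split("/"):
        return True
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    return normalized.upper().startswith("/WEB-INF")

def flag_line(line: str):
    """Return (request_target, decoded_xmlPath) for a suspicious line, else None."""
    m = REQ_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(VULN_ACTION):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if is_traversal(value):
            return m.group("target"), fully_decode(value)
    return None

def scan(lines):
    """Return one finding per log line that carries a traversal attempt."""
    return [hit for hit in (flag_line(line) for line in lines) if hit]
```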