CVE-2024-22988: An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
9.8
CVSS
Description
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
Classification
CVE ID: CVE-2024-22988
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.16% (probability of being exploited)
EPSS Percentile: 38.29% (scored less or equal to compared to others)
EPSS Date: 2025-05-21 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-22988https://zkteco.com
https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47
https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies