{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20031", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T12:37:20.074Z", "datePublished": "2026-03-15T13:35:35.350Z", "dateUpdated": "2026-06-08T15:12:01.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:12:01.680Z"}, "datePublic": "2016-08-31T00:00:00.000Z", "title": "ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp", "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Hard-coded Credentials", "cweId": "CWE-798", "type": "CWE"}]}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"version": "3.0.1.0_R_230", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016090003", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116488", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138571", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40327/", "name": "Reference", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp"}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20031", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:13:50.794626Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:19.921Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20031", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:13:50.794626Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:17:43.656Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ZKTeco Inc.", "product": "ZKTeco ZKBioSecurity", "versions": [{"status": "affected", "version": "3.0.1.0_R_230"}]}], "solutions": [{"lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."}], "datePublic": "2016-08-31T00:00:00.000Z", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php", "name": "Zero Science Lab Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2016090003", "name": "CXSecurity", "tags": ["third-party-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116488", "name": "IBM X-Force Exchange", "tags": ["vdb-entry"]}, {"url": "https://packetstormsecurity.com/files/138571", "name": "Packet Storm Security", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/40327/", "name": "Reference", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp", "name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:12:01.680Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20031", "state": "PUBLISHED", "dateUpdated": "2026-06-08T15:12:01.680Z", "dateReserved": "2026-03-15T12:37:20.074Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-15T13:35:35.350Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions."}, {"lang": "es", "value": "ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n local en visLogin.jsp que permite a los atacantes autenticarse sin credenciales v\u00e1lidas suplantando solicitudes de localhost. Los atacantes pueden explotar el m\u00e9todo EnvironmentUtil.getClientIp() que trata la direcci\u00f3n de bucle invertido IPv6 0:0:0:0:0:0:0:1 como 127.0.0.1 y se autentica usando la IP como nombre de usuario con la contrase\u00f1a codificada 123456 para acceder a informaci\u00f3n sensible y realizar acciones no autorizadas."}], "id": "CVE-2016-20031", "lastModified": "2026-06-08T16:16:32.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T14:17:49.920", "references": [{"source": "disclosure@vulncheck.com", "url": "https://cxsecurity.com/issue/WLB-2016090003"}, {"source": "disclosure@vulncheck.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116488"}, {"source": "disclosure@vulncheck.com", "url": "https://packetstormsecurity.com/files/138571"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/40327/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.0_R_230"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "zkbiosecurity", "vendor": "zkteco"}], "analysis": {"en": {"generated_at": "2026-03-21T14:37:52.003891+00:00", "value": {"mitigation_remediation": ["Apply the latest ZKBioSecurity firmware update from ZKTeco that patches the visLogin.jsp authorization bypass", "If an immediate update is unavailable, block or restrict access to visLogin.jsp using network firewall rules or internal access controls", "Configure the system to reject IPv6 loopback addresses or enforce strict IP validation before authentication", "Change the hardcoded password from 123456 to a unique, complex value and enforce a password policy", "Monitor authentication logs for anomalous login attempts from local or privileged IP addresses"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Authentication and Data Access"}, "threat_synthesis": {"affected_systems": "Affected are installations of ZKTeco Inc.\u2019s ZKBioSecurity product, specifically version 3.0. No other versions are listed, so the risk applies to that release only.", "description_and_impact": "The vulnerability in ZKTeco ZKBioSecurity 3.0 lies in the visLogin.jsp page, which allows an attacker to bypass local authorization by forging a request that appears to originate from the localhost. The application\u2019s EnvironmentUtil.getClientIp() method incorrectly treats the IPv6 loopback address 0:0:0:0:0:0:0:1 as the IPv4 address 127.0.0.1. When this spoofed IP is submitted, the system accepts it as a username and permits login with the hardcoded password 123456, thereby granting access to sensitive information and enabling the execution of unauthorized actions.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.8 and an EPSS probability of less than 1%, indicating moderate severity and low overall exploitation likelihood. It is not catalogued as a known exploited vulnerability. The attack vector requires an entity able to craft a request that mimics a localhost connection, which could be possible from an internal network or a machine with network access to the device. If the device is exposed to external networks, the risk could increase but the requirement for loopback spoofing still limits widespread exploitation."}}}}, "created": "2026-03-16T09:21:40.474241+00:00", "updated": "2026-03-23T14:01:45.507637+00:00", "vendors": ["zkteco", "zkteco$PRODUCT$zkbiosecurity"]}