CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
| CVSS Score | 9.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
| CWE | CWE-538 |
| Vendor | zkteco inc. |
| Product | zkteco zktime.net |
| Published | Mar 15, 2026 |
| Last Updated | Mar 16, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
ZKTeco Inc. / ZKTeco ZKTime.Net
3.0.1.6
3.0.1.5 (160622)
3.0.1.1 (160216)
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php
cxsecurity.com: https://cxsecurity.com/issue/WLB-2016080264
exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/116487
packetstormsecurity.com: https://packetstormsecurity.com/files/138565
exploit-db.com: https://www.exploit-db.com/exploits/40322/
vulncheck.com: https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab