CVE-2024-35431

7.5 HIGH

📋 TL;DR

ZKTeco ZKBio CVSecurity versions up to 6.4.1 are vulnerable to directory traversal via the photoBase64 parameter, allowing unauthenticated attackers to download arbitrary files from the server. This affects all systems running vulnerable versions of the software, particularly those exposed to untrusted networks.

💻 Affected Systems

Products:
  • ZKTeco ZKBio CVSecurity
Versions: Up to and including 6.4.1 (6.1.1 confirmed, others indicated)
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configurations; no special setup required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through retrieval of sensitive files such as configuration files, credentials, or system files, potentially leading to lateral movement or data exfiltration.

🟠 Likely Case

Unauthenticated attackers download sensitive configuration files, user data, or system information, enabling further attacks or data theft.

🟢 If Mitigated

Limited impact if network segmentation restricts access, but file disclosure still occurs within the directories the service can reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only simple HTTP requests; a public proof-of-concept is available in a GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check vendor website for updates; no official patch confirmed at this time.

🔧 Temporary Workarounds

Network Access Control (applies to: all)

Restrict network access to ZKBio CVSecurity to trusted IPs only.

Web Application Firewall (WAF) (applies to: all)

Deploy WAF rules to block directory traversal patterns in the photoBase64 parameter.

🧯 If You Can't Patch

  • Isolate the system on a segmented network with strict inbound/outbound firewall rules.
  • Monitor logs for unusual file access patterns and implement intrusion detection.

🔍 How to Verify

Check if Vulnerable:

Test by sending a crafted HTTP request with a directory traversal sequence in the photoBase64 parameter to the vulnerable endpoint, and check whether the response discloses a file.

Check Version:

Check software version in ZKBio CVSecurity admin interface or configuration files.

Verify Fix Applied:

Verify by testing the same exploit after applying vendor patches or workarounds; ensure no file disclosure occurs.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'photoBase64' with '../' sequences or unusual file paths
  • Unexpected file access logs from web server

Network Indicators:

  • HTTP traffic to ZKBio CVSecurity with suspicious parameters
  • Outbound data transfers following exploitation

SIEM Query:

source="web_logs" AND uri="*photoBase64*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*")
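The SIEM query above only catches literal and single-encoded `../`. The following is an added detection example, not part of the original advisory, that applies the same log indicators to access-log lines, decoding percent-encoding repeatedly so double-encoded and backslash variants are caught as well. The `/api/photo` path and the log lines are constructed placeholders, not the real ZKBio CVSecurity endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Match "../" or "..\" as a whole path segment (after decoding).  Standard and
# URL-safe base64 alphabets contain no '.', so ".." never occurs in a
# legitimate photoBase64 value.
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded forms such as
    %252e%252e%252f collapse to '../' before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_request(uri):
    """True if the request URI carries a photoBase64 parameter (any case)
    whose value contains a directory-traversal sequence."""
    query = urlsplit(uri).query
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if fully_decode(key).lower() != "photobase64":
            continue
        if any(TRAVERSAL_RE.search(fully_decode(v)) for v in values):
            return True
    return False

def scan_log(lines):
    """Return (line_number, request_uri) for every combined-format log line
    whose request matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if m and is_suspicious_request(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample access-log lines; /api/photo is a placeholder path.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2024:10:00:01 +0000] "GET /api/photo?photoBase64=iVBORw0KGgoAAAANSUhEUgAA HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jun/2024:10:00:07 +0000] "GET /api/photo?photoBase64=../../../../etc/hostname HTTP/1.1" 200 64',
    '10.0.0.9 - - [01/Jun/2024:10:00:09 +0000] "GET /api/photo?photoBase64=%2e%2e%2f%2e%2e%2fwindows%2fwin.ini HTTP/1.1" 200 403',
    '10.0.0.9 - - [01/Jun/2024:10:00:12 +0000] "GET /api/photo?photoBase64=%252e%252e%255cconfig HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jun/2024:10:00:15 +0000] "GET /static/app.js HTTP/1.1" 200 88000',
]

if __name__ == "__main__":
    for n, uri in scan_log(SAMPLE_LOG):
        print(f"line {n}: {uri}")
```

A 404 on a traversal attempt (line 4 of the sample) is still worth alerting on: it shows probing even when no file was disclosed.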
