CVE-2024-36526

9.8 CRITICAL

📋 TL;DR

ZKTeco ZKBio CVSecurity v6.1.1 contains a hardcoded cryptographic key (CWE-259), allowing attackers to decrypt sensitive data or bypass authentication. This affects all installations of version 6.1.1. The vulnerability enables unauthorized access to protected information and system functions.

💻 Affected Systems

Products:
  • ZKTeco ZKBio CVSecurity
Versions: Version 6.1.1
Operating Systems: Windows (based on installation files)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 6.1.1 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: attackers decrypt all encrypted data, bypass authentication entirely, and gain administrative control over the security system.

🟠 Likely Case

Unauthorized access to sensitive video footage, user credentials, and system logs; potential manipulation of security settings.

🟢 If Mitigated

Limited impact if the system is isolated behind firewalls with strict network controls and no external access.

🌐 Internet-Facing: HIGH - Internet-exposed systems are directly vulnerable to exploitation using the publicly known hardcoded key.
🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit this vulnerability without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The hardcoded key is publicly documented in GitHub references; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found in provided references

Restart Required: No

Instructions:

1. Check the vendor website for an updated version.
2. If one is available, download and install the patched version.
3. Verify that the hardcoded key has been removed from the new installation.

🔧 Temporary Workarounds

Network Isolation (applies to: all)

Restrict network access to the ZKBio CVSecurity system to prevent exploitation.

Use firewall rules to block all inbound/outbound traffic except from trusted management IPs.

Disable External Access (applies to: all)

Remove the system from internet exposure to prevent remote attacks.

Configure the firewall to deny WAN access to the ZKBio CVSecurity ports.

🧯 If You Can't Patch

  • Decommission vulnerable version and replace with alternative security software
  • Implement strict network segmentation and monitor all access attempts to the system

🔍 How to Verify

Check if Vulnerable:

Check the installed version in the ZKBio CVSecurity interface; if the version is 6.1.1, the system is vulnerable.

Check Version:

Check the version in the ZKBio CVSecurity application interface or in the installation directory.

Verify Fix Applied:

Verify that the installation is no longer version 6.1.1; check with the vendor for confirmation that the hardcoded key has been removed.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized authentication attempts
  • Unexpected decryption activities
  • Access from unfamiliar IP addresses

Network Indicators:

  • Traffic to/from ZKBio CVSecurity on unusual ports
  • Decryption attempts using known hardcoded key patterns

SIEM Query:

source="zkbio" AND ((event_type="authentication" AND result="failure") OR (event_type="decryption" AND key="hardcoded_pattern"))
