How severe is CVE-2023-3943?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2023-3943?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2023-3943

CRITICAL Year: 2023

CVSS v3 Score

10.0

Critical

Weakness Type

CWE-121

View all →

Vulnerability Description

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

CVE-2020-14498

CRITICAL

CVSS:10.0(Critical)

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

CWE-1212020

CVE-2021-21960

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi...

CWE-1212021

CVE-2021-21961

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An...

CWE-1212021

CVE-2022-32454

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote cod...

CWE-1212022

CVE-2024-36258

CRITICAL

CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ...

CWE-1212024

CVE-2019-5153

CRITICAL

CVSS:9.9(Critical)

An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause ...

CWE-1212019

CVE-2023-3943

Vulnerability Description

Related Vulnerabilities

CVE-2020-14498

CVE-2021-21960

CVE-2021-21961

CVE-2022-32454

CVE-2024-36258

CVE-2019-5153