CVE-2024-13966

MEDIUM Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-1393
View all →

Vulnerability Description

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located under the Attendance Settings tab as "Self-Password").

Related Vulnerabilities

CVE-2023-43042

HIGH
CVSS:7.5(High)

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.

CWE-13932023

CVE-2024-48987

MEDIUM
CVSS:6.6(Medium)

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repositor...

CWE-13932024

CVE-2025-2921

MEDIUM
CVSS:6.4(Medium)

A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of defau...

CWE-13932025

CVE-2025-2347

MEDIUM
CVSS:6.3(Medium)

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the a...

CWE-13932025

CVE-2024-49559

HIGH
CVSS:8.8(High)

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially e...

CWE-13932024

CVE-2025-26701

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed ...

CWE-13932025