Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zqmu-d8mc-q3bx

Summary ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Aliases

alias	CVE-2016-20024

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-20024

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.09033
published_at	2026-06-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09067
published_at	2026-06-14T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0908
published_at	2026-06-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09078
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-20024

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/116487

reference_id

116487

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/116487

reference_url

https://packetstormsecurity.com/files/138565

reference_id

138565

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://packetstormsecurity.com/files/138565

reference_url

https://www.exploit-db.com/exploits/40322/

reference_id

40322

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://www.exploit-db.com/exploits/40322/

reference_url

https://cxsecurity.com/issue/WLB-2016080264

reference_id

WLB-2016080264

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://cxsecurity.com/issue/WLB-2016080264

reference_url

https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation

reference_id

zkteco-zktime-net-insecure-file-permissions-privilege-escalation

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation

reference_url

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php

reference_id

ZSL-2016-5360.php

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:15:52Z/

url

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php

Weaknesses

cwe_id	538
name	Insertion of Sensitive Information into Externally-Accessible File or Directory
description	The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Exploits

Severity_range_score 9.3 - 9.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqmu-d8mc-q3bx

Vulnerability Instance