Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
The vulnerability results from a stack buffer overflow (CWE-121) that can occur over the network without requiring authentication or user interaction (CVSS vector: AV:N/AC:L/PR:N/UI:N). The devices do not implement typical defensive mechanisms — lacking stack canaries and Position Independent Executable (PIE) — which allows an attacker to precisely control program execution flow. Thanks to this, even under additional environmental restrictions, it is possible to effectively deliver and execute malicious payload.
An unauthenticated remote attacker can execute arbitrary code on the vulnerable device with potential full system control compromise, which at maximum CVSS score of 10.0 includes violation of confidentiality, integrity, and availability.
Apply patches available from the manufacturer in accordance with references. Due to lack of information about available patches, it is additionally recommended to isolate devices on the network (segmentation, firewall), restrict network access only to trusted hosts, and monitor network activity of these devices until official firmware update is deployed.
OEM devices based on the ZkTeco platform: ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and potentially other devices of this type running firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other firmware versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H