{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.2",
    "cveMetadata": {
        "cveId": "CVE-2016-20024",
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "state": "PUBLISHED",
        "assignerShortName": "VulnCheck",
        "dateReserved": "2026-03-15T12:36:03.511Z",
        "datePublished": "2026-03-15T13:35:11.360Z",
        "dateUpdated": "2026-06-08T15:11:15.879Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
                "shortName": "VulnCheck",
                "dateUpdated": "2026-06-08T15:11:15.879Z"
            },
            "datePublic": "2016-08-30T00:00:00.000Z",
            "title": "ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
            "descriptions": [
                {
                    "lang": "en",
                    "value": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation."
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "lang": "en",
                            "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
                            "cweId": "CWE-538",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "affected": [
                {
                    "vendor": "ZKTeco Inc.",
                    "product": "ZKTeco ZKTime.Net",
                    "versions": [
                        {
                            "version": "3.0.1.6",
                            "status": "affected"
                        },
                        {
                            "version": "3.0.1.5 (160622)",
                            "status": "affected"
                        },
                        {
                            "version": "3.0.1.1 (160216)",
                            "status": "affected"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV4_0": {
                        "Automatable": "NOT_DEFINED",
                        "Recovery": "NOT_DEFINED",
                        "Safety": "NOT_DEFINED",
                        "attackComplexity": "LOW",
                        "attackRequirements": "NONE",
                        "attackVector": "NETWORK",
                        "baseScore": 9.3,
                        "baseSeverity": "CRITICAL",
                        "privilegesRequired": "NONE",
                        "providerUrgency": "NOT_DEFINED",
                        "subAvailabilityImpact": "NONE",
                        "subConfidentialityImpact": "NONE",
                        "subIntegrityImpact": "NONE",
                        "userInteraction": "NONE",
                        "valueDensity": "NOT_DEFINED",
                        "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                        "version": "4.0",
                        "vulnAvailabilityImpact": "HIGH",
                        "vulnConfidentialityImpact": "HIGH",
                        "vulnIntegrityImpact": "HIGH",
                        "vulnerabilityResponseEffort": "NOT_DEFINED"
                    },
                    "format": "CVSS"
                },
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "HIGH",
                        "baseScore": 9.8,
                        "baseSeverity": "CRITICAL",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "NONE",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS"
                }
            ],
            "references": [
                {
                    "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php",
                    "name": "Zero Science Lab Disclosure",
                    "tags": [
                        "third-party-advisory"
                    ]
                },
                {
                    "url": "https://cxsecurity.com/issue/WLB-2016080264",
                    "name": "CXSecurity",
                    "tags": [
                        "third-party-advisory"
                    ]
                },
                {
                    "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116487",
                    "name": "IBM X-Force Exchange",
                    "tags": [
                        "vdb-entry"
                    ]
                },
                {
                    "url": "https://packetstormsecurity.com/files/138565",
                    "name": "Packet Storm Security",
                    "tags": [
                        "exploit"
                    ]
                },
                {
                    "url": "https://www.exploit-db.com/exploits/40322/",
                    "name": "Reference",
                    "tags": [
                        "exploit"
                    ]
                },
                {
                    "name": "VulnCheck Advisory: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation",
                    "tags": [
                        "third-party-advisory"
                    ],
                    "url": "https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation"
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
                    "type": "finder"
                }
            ],
            "x_generator": {
                "engine": "vulncheck"
            },
            "solutions": [
                {
                    "lang": "en",
                    "value": "The affected software ZKTime.Net has been officially discontinued. It is recommended that all users switch to using ZKBio Time.Net software. ZKBio Time.Net has fixed this vulnerability. It is recommended that users use the latest version of ZKBio Time.Net to eliminate the risk."
                }
            ],
            "tags": [
                "unsupported-when-assigned"
            ]
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2016-20024",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "poc"
                                    },
                                    {
                                        "Automatable": "yes"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2026-03-16T14:15:52.330964Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2026-03-16T14:20:21.142Z"
                }
            }
        ]
    }
}