{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.2",
    "cveMetadata": {
        "cveId": "CVE-2016-20031",
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "state": "PUBLISHED",
        "assignerShortName": "VulnCheck",
        "dateReserved": "2026-03-15T12:37:20.074Z",
        "datePublished": "2026-03-15T13:35:35.350Z",
        "dateUpdated": "2026-06-08T15:12:01.680Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
                "shortName": "VulnCheck",
                "dateUpdated": "2026-06-08T15:12:01.680Z"
            },
            "datePublic": "2016-08-31T00:00:00.000Z",
            "title": "ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp",
            "descriptions": [
                {
                    "lang": "en",
                    "value": "ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions."
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "lang": "en",
                            "description": "Use of Hard-coded Credentials",
                            "cweId": "CWE-798",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "affected": [
                {
                    "vendor": "ZKTeco Inc.",
                    "product": "ZKTeco ZKBioSecurity",
                    "versions": [
                        {
                            "version": "3.0.1.0_R_230",
                            "status": "affected"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV4_0": {
                        "Automatable": "NOT_DEFINED",
                        "Recovery": "NOT_DEFINED",
                        "Safety": "NOT_DEFINED",
                        "attackComplexity": "LOW",
                        "attackRequirements": "NONE",
                        "attackVector": "LOCAL",
                        "baseScore": 6.8,
                        "baseSeverity": "MEDIUM",
                        "privilegesRequired": "LOW",
                        "providerUrgency": "NOT_DEFINED",
                        "subAvailabilityImpact": "NONE",
                        "subConfidentialityImpact": "NONE",
                        "subIntegrityImpact": "NONE",
                        "userInteraction": "NONE",
                        "valueDensity": "NOT_DEFINED",
                        "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                        "version": "4.0",
                        "vulnAvailabilityImpact": "NONE",
                        "vulnConfidentialityImpact": "HIGH",
                        "vulnIntegrityImpact": "NONE",
                        "vulnerabilityResponseEffort": "NOT_DEFINED"
                    },
                    "format": "CVSS"
                },
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "LOCAL",
                        "availabilityImpact": "NONE",
                        "baseScore": 5.5,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "LOW",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS"
                }
            ],
            "references": [
                {
                    "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php",
                    "name": "Zero Science Lab Disclosure",
                    "tags": [
                        "third-party-advisory"
                    ]
                },
                {
                    "url": "https://cxsecurity.com/issue/WLB-2016090003",
                    "name": "CXSecurity",
                    "tags": [
                        "third-party-advisory"
                    ]
                },
                {
                    "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116488",
                    "name": "IBM X-Force Exchange",
                    "tags": [
                        "vdb-entry"
                    ]
                },
                {
                    "url": "https://packetstormsecurity.com/files/138571",
                    "name": "Packet Storm Security",
                    "tags": [
                        "exploit"
                    ]
                },
                {
                    "url": "https://www.exploit-db.com/exploits/40327/",
                    "name": "Reference",
                    "tags": [
                        "exploit"
                    ]
                },
                {
                    "name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp",
                    "tags": [
                        "third-party-advisory"
                    ],
                    "url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp"
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
                    "type": "finder"
                }
            ],
            "x_generator": {
                "engine": "vulncheck"
            },
            "solutions": [
                {
                    "lang": "en",
                    "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."
                }
            ],
            "tags": [
                "unsupported-when-assigned"
            ]
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2016-20031",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "poc"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2026-03-16T14:13:50.794626Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2026-03-16T14:20:19.921Z"
                }
            }
        ]
    }
}