{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T21:36:31.362","vulnerabilities":[{"cve":{"id":"CVE-2023-3939","sourceIdentifier":"vulnerability@kaspersky.com","published":"2024-05-21T10:15:09.683","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."},{"lang":"es","value":"La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en dispositivos OEM basados en ZkTeco permite la inyección de comando del sistema operativo. Dado que todas las implementaciones de comandos encontradas se ejecutan desde el superusuario, su impacto es el máximo posible. Este problema afecta a los dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros."}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@kaspersky.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"vulnerability@kaspersky.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md","source":"vulnerability@kaspersky.com"},{"url":"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}