CVE-2016-20031 (GCVE-0-2016-20031)
Vulnerability from cvelistv5 – Published: 2026-03-15 13:35 – Updated: 2026-06-08 15:12 Unsupported When Assigned
VLAI
Title
ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp
Summary
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.
Severity
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://cxsecurity.com/issue/WLB-2016090003 | third-party-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://packetstormsecurity.com/files/138571 | exploit |
| https://www.exploit-db.com/exploits/40327/ | exploit |
| https://www.vulncheck.com/advisories/zkteco-zkbio… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZKTeco Inc. | ZKTeco ZKBioSecurity |
Affected:
3.0.1.0_R_230
|
Date Public
2016-08-31 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-20031",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:13:50.794626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:20:19.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZKTeco ZKBioSecurity",
"vendor": "ZKTeco Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.1.0_R_230"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2016-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:12:01.680Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php"
},
{
"name": "CXSecurity",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2016090003"
},
{
"name": "IBM X-Force Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116488"
},
{
"name": "Packet Storm Security",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/138571"
},
{
"name": "Reference",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40327/"
},
{
"name": "VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp"
}
],
"solutions": [
{
"lang": "en",
"value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks."
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-20031",
"datePublished": "2026-03-15T13:35:35.350Z",
"dateReserved": "2026-03-15T12:37:20.074Z",
"dateUpdated": "2026-06-08T15:12:01.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-20031",
"date": "2026-06-11",
"epss": "6e-05",
"percentile": "0.00463"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-20031\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-03-16T14:17:49.920\",\"lastModified\":\"2026-06-08T16:16:32.943\",\"vulnStatus\":\"Deferred\",\"cveTags\":[{\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.\"},{\"lang\":\"es\",\"value\":\"ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n local en visLogin.jsp que permite a los atacantes autenticarse sin credenciales v\u00e1lidas suplantando solicitudes de localhost. Los atacantes pueden explotar el m\u00e9todo EnvironmentUtil.getClientIp() que trata la direcci\u00f3n de bucle invertido IPv6 0:0:0:0:0:0:0:1 como 127.0.0.1 y se autentica usando la IP como nombre de usuario con la contrase\u00f1a codificada 123456 para acceder a informaci\u00f3n sensible y realizar acciones no autorizadas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://cxsecurity.com/issue/WLB-2016090003\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/116488\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://packetstormsecurity.com/files/138571\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40327/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-20031\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-16T14:13:50.794626Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-16T14:17:43.656Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"LiquidWorm as Gjoko Krstic of Zero Science Lab\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"ZKTeco Inc.\", \"product\": \"ZKTeco ZKBioSecurity\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.1.0_R_230\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks.\"}], \"datePublic\": \"2016-08-31T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php\", \"name\": \"Zero Science Lab Disclosure\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://cxsecurity.com/issue/WLB-2016090003\", \"name\": \"CXSecurity\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/116488\", \"name\": \"IBM X-Force Exchange\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://packetstormsecurity.com/files/138571\", \"name\": \"Packet Storm Security\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40327/\", \"name\": \"Reference\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-local-authorization-bypass-via-vislogin-jsp\", \"name\": \"VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 Local Authorization Bypass via visLogin.jsp\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp() method which treats IPv6 loopback address 0:0:0:0:0:0:0:1 as 127.0.0.1 and authenticates using the IP as username with hardcoded password 123456 to access sensitive information and perform unauthorized actions.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-08T15:12:01.680Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2016-20031\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-08T15:12:01.680Z\", \"dateReserved\": \"2026-03-15T12:37:20.074Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-03-15T13:35:35.350Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…