Improper Access Control in ZKTeco SF300 (ZLM60)

Observation

It was observed that the backup directory and the backup file are accessible without authentication in the ZKTeco SF300 (ZLM60) product by navigating to the URL https://product-ip/csl/backup/

POCs

The application's backup files are disclosed through unauthenticated access.

image1

Risk

An attacker who retrieves this backup file would obtain all the information contained in it and could use that information for malicious activities.

Risk Mitigation

It is recommended to implement adequate access controls (authentication and authorization) to manage and limit access to all restricted URLs, functions, scripts or files. It should be ensured that authenticated users have access to only those functions and data they are authorized to access. These controls must be enforced on the server side, since client-side checks can be bypassed by requesting the backup URL directly.
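As an added example (not ZKTeco code or part of the SF300 firmware), the following Python shows the server-side check the mitigation describes: a request under the advisory's /csl/backup/ path is refused unless the session is authenticated and holds an assumed `backup:read` permission, directory listings of that path are never served, and the path is canonicalised first so the check cannot be skipped with encoded or relative segments.

```python
"""Server-side access control for a backup directory (illustrative, assumed policy)."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple
import posixpath
from urllib.parse import unquote

# Path taken from the advisory; the permission name is an assumption for this example.
RESTRICTED = {"/csl/backup": "backup:read"}


@dataclass(frozen=True)
class Session:
    user: str
    permissions: FrozenSet[str]


def canonical(path: str) -> Tuple[str, bool]:
    """Decode and normalise a request path so prefix checks cannot be dodged
    with ../, //, or percent-encoded separators. Returns (path, is_directory)."""
    decoded = unquote(path.split("?", 1)[0])
    is_dir = decoded.endswith("/")
    # lstrip avoids a leading '//' which posixpath.normpath would preserve
    return posixpath.normpath("/" + decoded.lstrip("/")), is_dir


def authorize(path: str, session: Optional[Session]) -> Tuple[int, str]:
    """Decide whether a request may be served: 401 if unauthenticated,
    403 if authenticated but not permitted, 200 otherwise."""
    norm, is_dir = canonical(path)
    for prefix, perm in RESTRICTED.items():
        if norm == prefix or norm.startswith(prefix + "/"):
            if session is None:
                return 401, "authentication required"
            if perm not in session.permissions:
                return 403, "not authorized for " + perm
            if is_dir or norm == prefix:
                return 403, "directory listing disabled"
            return 200, "ok"
    return 200, "public"


if __name__ == "__main__":
    admin = Session("admin", frozenset({"backup:read"}))
    for req, sess in [("/csl/backup/", None), ("/csl/backup/device.bak", None),
                      ("/csl/backup/device.bak", admin), ("/csl/backup/", admin),
                      ("/csl%2Fbackup/device.bak", None), ("/index.html", None)]:
        print(req, sess.user if sess else "anonymous", authorize(req, sess))
```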
