ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access-control terminal from the Chinese manufacturer ZKTeco has uncovered two dozen security flaws that an attacker could use to bypass authentication, steal the biometric data the device stores, and plant persistent backdoors. The 24 flaws break down into six SQL injections, seven stack-based buffer overflows, five command injections, four arbitrary file writes, and two arbitrary file reads. The first three classes are all the same underlying failure: input that reaches the terminal (credential data, network requests) is passed to a database, a parser, or a shell without being validated or separated from the code that consumes it.
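As an added illustration (not code from ZKTeco, from the researchers, or from the original article), the block below models the SQL-injection class in Python. A user identifier read from a credential is pasted into a query; one payload makes the lookup match every record (authentication bypass), another pulls the stored template column (biometric data theft). The table layout, user records, template strings and payloads are all constructed for this demo, and SQLite is assumed as a stand-in for whatever database the real terminal uses.

```python
"""Added example: SQL injection in an access-control lookup, vulnerable vs hardened.

Everything here is constructed for the demo: the users table, the two
records, the template strings, and the attack payloads. sqlite3 is an
assumption standing in for the terminal's own database engine.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed user table standing in for the terminal's local database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, name TEXT, template TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1001", "alice", "TEMPLATE-A"), ("1002", "bob", "TEMPLATE-B")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, uid: str) -> list[str]:
    """Vulnerable: the credential string is concatenated into the SQL text,
    so quotes, OR clauses and UNIONs inside it are executed as SQL."""
    sql = "SELECT name FROM users WHERE uid = '" + uid + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn: sqlite3.Connection, uid: str) -> list[str]:
    """Hardened: the credential is bound as a parameter. The database only
    ever sees it as a value, never as part of the statement."""
    rows = conn.execute("SELECT name FROM users WHERE uid = ?", (uid,))
    return [row[0] for row in rows]


def access_granted(lookup, conn: sqlite3.Connection, uid: str) -> bool:
    """Simplified door-open decision: any matching record opens the door."""
    return len(lookup(conn, uid)) > 0


# Constructed payloads. BYPASS turns the WHERE clause into a tautology;
# EXFIL appends a UNION that returns the template column instead of names.
BYPASS = "' OR '1'='1"
EXFIL = "' UNION SELECT template FROM users --"


if __name__ == "__main__":
    db = build_db()
    for label, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(f"{label}: valid uid -> {fn(db, '1001')}")
        print(f"{label}: bypass payload opens door? {access_granted(fn, db, BYPASS)}")
        print(f"{label}: exfil payload returns {fn(db, EXFIL)}")
```

Parameter binding closes this one class; it does nothing for the stack overflows, command injections and file read/write flaws also counted on this page, which each need their own fix (bounds-checked copies, argument arrays instead of shell strings, path canonicalisation and allow-lists).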
The researchers' conclusion is that an insufficiently configured terminal is exposed to simple attacks, so an intruder can readily defeat the physical access controls protecting an organization's critical areas. To reduce the risk, they recommend placing the biometric readers in a separate network segment, setting strong administrator passwords, hardening the device's security settings, minimising the use of QR codes (one of the inputs the terminal parses), and keeping the device firmware up to date.
Reference: The Hacker News.