
CVE-2024-2318: Path Traversal: '../filedir' in ZKTeco ZKBio Media

Medium
Type: Vulnerability
CVE ID: CVE-2024-2318
Published: Fri Mar 08 2024 (03/08/2024, 13:00:07 UTC)
Source: CVE Database V5
Vendor/Project: ZKTeco
Product: ZKBio Media

Description

A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.

AI-Powered Analysis

Last updated: 07/11/2025, 00:16:42 UTC

Technical Analysis

CVE-2024-2318 is a path traversal vulnerability identified in ZKTeco's ZKBio Media software version 2.0.0_x64_2024-01-29-1028. The vulnerability exists in an unspecified function handling requests to the /pro/common/download endpoint on Service Port 9999. Specifically, the issue arises from improper sanitization of the 'fileName' parameter, which allows an attacker to manipulate the input with directory traversal sequences such as '../../../../zkbio_media.sql'. This manipulation enables unauthorized access to files outside the intended directory scope, potentially exposing sensitive files on the server. The vulnerability can be exploited remotely without requiring user interaction or authentication, increasing its risk profile. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction required, and limited impact on confidentiality. Although no known exploits are currently reported in the wild, the public disclosure of the exploit code increases the likelihood of exploitation. The vendor has addressed this vulnerability in version 2.1.3 Build 2025-05-26-1605, and upgrading to this version is recommended to mitigate the risk. The vulnerability primarily affects the Service Port 9999 component of ZKBio Media, a software product used for biometric and security management, commonly deployed in physical access control systems.

Potential Impact

For European organizations using ZKTeco ZKBio Media, this vulnerability poses a significant risk of unauthorized data exposure. Attackers exploiting the path traversal flaw could access configuration files, database files, or other sensitive information stored on the server hosting the application. This could lead to leakage of biometric data, user credentials, or system configuration details, undermining the confidentiality and integrity of security systems. Given that ZKBio Media is often integrated into physical security infrastructures, exploitation could facilitate further attacks such as unauthorized physical access or lateral movement within networks. The remote and unauthenticated nature of the exploit increases the attack surface, especially for organizations with internet-facing instances of ZKBio Media or insufficient network segmentation. The medium severity rating indicates moderate impact, but the sensitivity of biometric and access control data elevates the potential consequences. European organizations in sectors such as government, critical infrastructure, transportation, and corporate facilities management are particularly at risk due to their reliance on biometric security solutions and regulatory requirements for data protection under GDPR.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize upgrading ZKTeco ZKBio Media to version 2.1.3 Build 2025-05-26-1605 or later, where the issue is resolved. In addition to patching, organizations should implement network-level controls such as restricting access to Service Port 9999 to trusted internal networks or VPNs, thereby reducing exposure to external attackers. Employing web application firewalls (WAFs) with rules to detect and block path traversal attempts can provide an additional layer of defense. Regularly auditing and monitoring logs for suspicious access patterns targeting the /pro/common/download endpoint can help detect exploitation attempts early. Organizations should also review file system permissions to ensure that the application runs with the least privilege necessary, limiting the scope of accessible files even if traversal occurs. Finally, conducting security awareness training for IT staff on timely patch management and vulnerability response will improve overall resilience against such threats.
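The log-monitoring recommendation above can be turned into a concrete check. The following is an added example, not code from ZKTeco or from this advisory: it scans constructed, combined-format access-log lines (the real log format of Service Port 9999 is assumed, not known) for requests to /pro/common/download whose fileName parameter contains '..' segments, decoding percent-encoding repeatedly so single- and double-encoded variants are not missed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (not real ZKBio Media logs). The combined-log layout is an
# assumption; adapt REQUEST_RE to the actual log format of the Service Port 9999 component.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2025:18:54:17 +0000] "GET /pro/common/download?fileName=report.pdf HTTP/1.1" 200 5120
203.0.113.11 - - [10/Jun/2025:18:55:02 +0000] "GET /pro/common/download?fileName=../../../../zkbio_media.sql HTTP/1.1" 200 88231
203.0.113.12 - - [10/Jun/2025:18:55:40 +0000] "GET /pro/common/download?fileName=..%5C..%5Czkbio_media.sql HTTP/1.1" 200 88231
203.0.113.13 - - [10/Jun/2025:18:56:11 +0000] "GET /pro/common/download?fileName=%252e%252e%252fzkbio_media.sql HTTP/1.1" 404 0
203.0.113.14 - - [10/Jun/2025:18:57:00 +0000] "GET /pro/index.html HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)')
# A '..' path segment delimited by '/' or '\' (or the string boundary).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences like %252e%252e%252f are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_attempts(log_text):
    """Return one dict per download request whose fileName contains a '..' segment.

    status/size are kept so an analyst can tell a served file (200 with a body) from a
    rejected attempt (e.g. 404) when triaging.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/pro/common/download":
            continue
        # parse_qs performs the first decoding pass; fully_decode handles any further layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
            name = fully_decode(raw)
            if TRAVERSAL_RE.search(name):
                hits.append({"src": m.group("src"), "fileName": name,
                             "status": int(m.group("status")), "size": int(m.group("size"))})
    return hits
```

Feed the function a real log file's contents and alert on any hit; a 200 response with a non-zero size on an unpatched instance is the strongest indicator that a file outside the download directory was actually served.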


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2024-03-08T06:48:01.928Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68487f591b0bd07c3938aae4

Added to database: 6/10/2025, 6:54:17 PM

Last enriched: 7/11/2025, 12:16:42 AM

Last updated: 8/11/2025, 9:55:42 PM

