Skip to main content

Insufficient Verification of Data Authenticity

CVE-2019-16398

Severity Medium
Score 6.8/10

Summary

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.

  • LOW
  • PHYSICAL
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

Advisory Timeline

  • Published