Cyber Resilience

CVE-2016-20024

CriticalPublic PoCUpdated

Published: 16 March 2026

Published
16 March 2026
Modified
08 June 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0073 49.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2016-20024 is a critical-severity Insertion of Sensitive Information into Externally-Accessible File or Directory (CWE-538) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 49.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2016-20024 is an insecure file permissions vulnerability (CWE-538) in ZKTeco ZKTime.Net 3.0.1.6. The ZKTimeNet3.0 directory and its contents feature world-writable permissions, enabling unprivileged users to modify executable files. This flaw allows replacement of legitimate executables with malicious binaries to achieve privilege escalation. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-16T14:17:48.350.

Attackers with unprivileged access can exploit the world-writable permissions on the ZKTimeNet3.0 directory to overwrite executable files with malicious versions. Successful exploitation leads to privilege escalation, potentially granting attackers higher-level access on the affected system. The CVSS vector indicates it is exploitable remotely by unauthenticated attackers with low complexity and no user interaction required.

Advisories and related resources, including exploit details, are available at https://cxsecurity.com/issue/WLB-2016080264, https://exchange.xforce.ibmcloud.com/vulnerabilities/116487, https://packetstormsecurity.com/files/138565, https://www.exploit-db.com/exploits/40322/, and https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalation.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for…

more

privilege escalation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

World-writable executable permissions directly enable file overwrite for local privilege escalation via T1044 (File System Permissions Weakness) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27173Shared CWE-538
CVE-2023-54346Shared CWE-538
CVE-2026-23838Shared CWE-538
CVE-2020-37104Shared CWE-538
CVE-2019-25706Shared CWE-538
CVE-2026-21672Shared CWE-538
CVE-2026-49298Shared CWE-538
CVE-2025-12059Shared CWE-538
CVE-2025-11079Shared CWE-538

Affected Assets

Cxsecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-34 prevents unauthorized modification of executable programs, directly mitigating the world-writable permissions that allow replacement of legitimate executables with malicious binaries.

prevent

CM-5 authorizes and restricts access to changes on system components such as the ZKTimeNet3.0 directory and its executable files, preventing unprivileged users from overwriting them.

prevent

AC-3 enforces approved access authorizations for system resources including files, ensuring unprivileged users cannot write to the vulnerable directory and executables.

References