In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
https://www.zkteco.com/en/Security_Bulletinsibs/16
https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35430.md