Researchers at Kaspersky Lab have discovered 24 critical vulnerabilities in ZKTeco's biometric access system. These flaws include remote command injection, arbitrary file read and write, and QR code SQL injection. The vulnerabilities allow attackers to bypass authentication, steal data, and deploy backdoors, posing significant security risks. The findings highlight the importance of addressing security weaknesses in biometric systems to prevent unauthorized access and data breaches. A demo of the vulnerabilities was included.