PT-2025-32979 · Zkteco · Zkteco Wl20
Published: 2025-08-13 · Updated: 2025-08-13 · CVE-2025-54464
CVSS v4.0: 7.0 (High)
| Vector | AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
ZKTeco WL20 (affected versions not specified)
Description:
The vulnerability stems from the storage of administrator and user credentials without encryption within the device firmware. An attacker with physical access can exploit this by extracting the firmware and reverse engineering the binary data to access the unencrypted credentials.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Cleartext Storage of Sensitive Information
Affected Products:
Zkteco Wl20