PT-2025-32981 · Zkteco · Zkteco Wl20

Published: 2025-08-13 · Updated: 2025-08-13 · CVE-2025-55279

CVSS v4.0: 6.9 (Medium)
Vector: AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: ZKTeco WL20 (affected versions not specified)
Description: The device stores a private key in plaintext within its firmware. An attacker with physical access can extract the firmware, analyze the binary data, and retrieve the private key. Successful exploitation could allow an attacker to perform unauthorized decryption of sensitive data and Man-in-the-Middle (MitM) attacks on the targeted device.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Using Hardcoded Credentials
Related Identifiers: CVE-2025-55279
Affected Products: Zkteco Wl20