CNNVD-202508-1365 Information

CNNVD ID

CNNVD-202508-1365

Related CVE

CVE-2025-54464

• CNNVD Published: 2025-08-13

Description (Chinese)

ZKTeco WL20是中国熵基科技（ZKTeco）公司的一款智能指纹考勤机。 ZKTeco WL20存在安全漏洞，该漏洞源于设备固件中存储了未加密的管理员和用户凭据，可能导致物理访问攻击者提取固件并逆向工程获取凭据。

Description (English)

ZKTeco WL20 is a smart fingerprinting machine for ZKTeco. ZKTeco WL20 has a security loophole, which stems from the storage of unencrypted certificates from administrators and users in the equipment solids, which may lead physical access attackers to extract the solids and reverse engineering evidence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

熵基科技

Published

2025-08-13

Last Modified

2026-02-24

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172 https://www.zkteco.com/en/Security_Bulletinsibs/20