CNNVD-202508-1366 Information

CNNVD ID

CNNVD-202508-1366

CVE-2025-54465

  • CNNVD Published: 2025-08-13

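Description (translated from Chinese)

ZKTeco WL20 is a smart fingerprint time-attendance terminal from the Chinese company ZKTeco (熵基科技). ZKTeco WL20 has a trust management vulnerability that stems from hard-coded MQTT credentials and endpoints stored in the device firmware, which may allow an attacker with physical access to extract the firmware, obtain the MQTT credentials, and thereby gain unauthorized access to the MQTT broker.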

Description (English)

ZKTeco WL20 is a smart fingerprint attendance machine from ZKTeco. ZKTeco WL20 has a trust management vulnerability, which stems from hard-coded MQTT credentials and endpoints stored in the device firmware. This may allow an attacker with physical access to extract the firmware and obtain the MQTT credentials, thereby gaining unauthorized access to the MQTT broker.

Hazard Level

High

Vulnerability Type

Trust management issue

Affected Vendor

ZKTeco (熵基科技)

Published

2025-08-13

Last Modified

2026-02-24

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172

https://www.zkteco.com/en/Security_Bulletinsibs/20
