CNNVD-202508-1367 Information

CNNVD ID

CNNVD-202508-1367

Related CVE

CVE-2025-55279

• CNNVD Published: 2025-08-13

Description (Chinese)

ZKTeco WL20是中国熵基科技（ZKTeco）公司的一款智能指纹考勤机。 ZKTeco WL20存在信任管理问题漏洞，该漏洞源于设备固件中存储了硬编码的私钥，可能导致物理访问攻击者提取私钥并执行未经授权的解密和中间人攻击。

Description (English)

ZKTeco WL20 is a smart fingerprinting machine for ZKTeco. ZKTeco WL20 has a confidence management loophole, which stems from the storage of hard-coded private keys in the device ’ s solids, which may lead physical visitors to extract private keys and carry out unauthorized decryption and intermediary attacks.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

熵基科技

Published

2025-08-13

Last Modified

2026-02-24

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172