QwikSec

Security Database

CVE

CWE

Training

CVE-2025-54464

Published: Aug 13, 2025

Modified: Aug 13, 2025

PUBLISHED

Description

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device.

Vendor	Product	Versions
ZKTeco Co	WL20 Biometric Attendance System	affected `<=ZLM31-FXO1-3.1.8`

Weaknesses (CWE)

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172

third-party-advisory

https://www.zkteco.com/en/Security_Bulletinsibs/20

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.