ZKTeco WL20 Biometric Attendance System Cleartext Credential Storage Vulnerability

Vulnerability

A vulnerability exists in the ZKTeco WL20 Biometric Attendance System due to the storage of admin and user credentials in plaintext within the device firmware. This issue affects versions through ZLM31-FXO1-3.1.8. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the unencrypted credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to admin and user credentials, allowing for potential misuse of these credentials in managing the attendance system or accessing associated services.

Remediation

Users are advised to upgrade the ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3. For assistance, contact ZKTeco customer service or official ZKTeco technical support.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.