CVE-2025-54465
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-13
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zkteco | zlm31-fxo1 | 4.0.3 |
| zkteco | zlm31-fxo1 | 3.1.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ZKTeco WL20 involves hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access can extract and analyze the firmware to retrieve these credentials, allowing unauthorized access to the MQTT broker and manipulation of device communications.
How can this vulnerability impact me?
If exploited, an attacker could gain unauthorized access to the MQTT broker used by the device, potentially allowing them to intercept, alter, or manipulate communications between the device and the broker. This could lead to unauthorized control or data breaches involving the device.