CVE-2025-55280
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-13

Last updated on: 2025-08-13

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-13
Last Modified
2025-08-13
Generated
2026-05-07
AI Q&A
2025-08-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-55280
EUVD
EUVD-2025-24561
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zkteco wl20 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in ZKTeco WL20 devices because Wi-Fi credentials, configuration data, and system data are stored in plaintext within the device firmware. An attacker with physical access to the device can extract the firmware and reverse engineer it to access this sensitive information.


How can this vulnerability impact me? :

If exploited, an attacker could gain unauthorized network access and retrieve or manipulate data on the targeted device, potentially compromising the security and integrity of the device and connected systems.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart