{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54465", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "state": "PUBLISHED", "assignerShortName": "CERT-In", "dateReserved": "2025-07-22T08:56:34.299Z", "datePublished": "2025-08-13T11:17:41.081Z", "dateUpdated": "2025-08-13T13:09:41.836Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WL20 Biometric Attendance System", "vendor": "ZKTeco Co", "versions": [{"status": "affected", "version": "<=ZLM31-FXO1-3.1.8"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Shravan Singh from Kavach IoT Security."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device.<br><br>Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.<br>"}], "value": "This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2025-08-13T11:17:41.081Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172"}, {"tags": ["vendor-advisory"], "url": "https://www.zkteco.com/en/Security_Bulletinsibs/20"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3.<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.zkteco.com/en/Security_Bulletinsibs/20\">https://www.zkteco.com/en/Security_Bulletinsibs/20</a><br>"}], "value": "Upgrade ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3.\n https://www.zkteco.com/en/Security_Bulletinsibs/20"}], "source": {"discovery": "UNKNOWN"}, "title": "Hard-coded Credentials Vulnerability in ZKTeco WL20", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T13:09:37.206727Z", "id": "CVE-2025-54465", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T13:09:41.836Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T13:09:37.206727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T13:09:39.326Z"}}], "cna": {"title": "Hard-coded Credentials Vulnerability in ZKTeco WL20", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Shravan Singh from Kavach IoT Security."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZKTeco Co", "product": "WL20 Biometric Attendance System", "versions": [{"status": "affected", "version": "<=ZLM31-FXO1-3.1.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3.\n https://www.zkteco.com/en/Security_Bulletinsibs/20", "supportingMedia": [{"type": "text/html", "value": "Upgrade ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3.<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.zkteco.com/en/Security_Bulletinsibs/20\">https://www.zkteco.com/en/Security_Bulletinsibs/20</a><br>", "base64": false}]}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172", "tags": ["third-party-advisory"]}, {"url": "https://www.zkteco.com/en/Security_Bulletinsibs/20", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device.<br><br>Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2025-08-13T11:17:41.081Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54465", "state": "PUBLISHED", "dateUpdated": "2025-08-13T13:09:41.836Z", "dateReserved": "2025-07-22T08:56:34.299Z", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "datePublished": "2025-08-13T11:17:41.081Z", "assignerShortName": "CERT-In"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device."}, {"lang": "es", "value": "Esta vulnerabilidad existe en ZKTeco WL20 debido a credenciales y endpoints MQTT codificados de forma r\u00edgida, almacenados en texto plano dentro del firmware del dispositivo. Un atacante con acceso f\u00edsico podr\u00eda explotar esta vulnerabilidad extrayendo el firmware y analizando los datos binarios para recuperar las credenciales y endpoints MQTT codificados de forma r\u00edgida del dispositivo objetivo. Si se explota esta vulnerabilidad, el atacante podr\u00eda obtener acceso no autorizado al br\u00f3ker MQTT y manipular las comunicaciones del dispositivo objetivo."}], "id": "CVE-2025-54465", "lastModified": "2025-08-13T17:33:46.673", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}, "published": "2025-08-13T12:15:26.767", "references": [{"source": "vdisclose@cert-in.org.in", "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172"}, {"source": "vdisclose@cert-in.org.in", "url": "https://www.zkteco.com/en/Security_Bulletinsibs/20"}], "sourceIdentifier": "vdisclose@cert-in.org.in", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "vdisclose@cert-in.org.in", "type": "Primary"}]}

{}