CVE Daily

CVE-2025-54464

This vulnerability exists in ZKTeco WL20 due to storage of admin and user creden...

High CVSS 7.0

Overview

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device.

CWE: CWE-312 Published: 2025-08-13T12:15:25.927
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.0 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags