{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55280", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "state": "PUBLISHED", "assignerShortName": "CERT-In", "dateReserved": "2025-08-12T11:08:57.777Z", "datePublished": "2025-08-13T11:38:35.843Z", "dateUpdated": "2025-08-13T12:59:31.423Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WL20 Biometric Attendance System", "vendor": "ZKTeco Co", "versions": [{"status": "affected", "version": "<=ZLM31-FXO1-3.1.8"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Shravan Singh from Kavach IoT Security."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. <br><br>Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.<br>"}], "value": "This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. \n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2025-08-13T11:38:35.843Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure Vulnerability in ZKTeco WL20", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Apply mitigations as per vendor instructions (whenever available) or discontinue the use of the product if mitigations are unavailable. </li><li>Perform risk assessment and implement physical security controls to prevent unauthorized access to the device.</li></ul>"}], "value": "* Apply mitigations as per vendor instructions (whenever available) or discontinue the use of the product if mitigations are unavailable. \n * Perform risk assessment and implement physical security controls to prevent unauthorized access to the device."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T12:59:27.192496Z", "id": "CVE-2025-55280", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T12:59:31.423Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55280", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-13T12:59:27.192496Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T12:59:29.130Z"}}], "cna": {"title": "Information Disclosure Vulnerability in ZKTeco WL20", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Shravan Singh from Kavach IoT Security."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZKTeco Co", "product": "WL20 Biometric Attendance System", "versions": [{"status": "affected", "version": "<=ZLM31-FXO1-3.1.8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172", "tags": ["third-party-advisory"]}], "workarounds": [{"lang": "en", "value": "* Apply mitigations as per vendor instructions (whenever available) or discontinue the use of the product if mitigations are unavailable. \n * Perform risk assessment and implement physical security controls to prevent unauthorized access to the device.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Apply mitigations as per vendor instructions (whenever available) or discontinue the use of the product if mitigations are unavailable. </li><li>Perform risk assessment and implement physical security controls to prevent unauthorized access to the device.</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. \n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. <br><br>Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2025-08-13T11:38:35.843Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55280", "state": "PUBLISHED", "dateUpdated": "2025-08-13T12:59:31.423Z", "dateReserved": "2025-08-12T11:08:57.777Z", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "datePublished": "2025-08-13T11:38:35.843Z", "assignerShortName": "CERT-In"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. \n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device."}, {"lang": "es", "value": "Esta vulnerabilidad existe en ZKTeco WL20 debido al almacenamiento de credenciales de Wi-Fi, datos de configuraci\u00f3n y datos del sistema en texto plano dentro del firmware del dispositivo. Un atacante con acceso f\u00edsico podr\u00eda explotar esta vulnerabilidad extrayendo el firmware y aplicando ingenier\u00eda inversa a los datos binarios para acceder a la informaci\u00f3n confidencial en texto plano almacenada en el dispositivo objetivo. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante obtener acceso no autorizado a la red, recuperar y manipular datos del dispositivo objetivo."}], "id": "CVE-2025-55280", "lastModified": "2025-08-13T17:33:46.673", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}, "published": "2025-08-13T12:15:27.060", "references": [{"source": "vdisclose@cert-in.org.in", "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172"}], "sourceIdentifier": "vdisclose@cert-in.org.in", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "vdisclose@cert-in.org.in", "type": "Primary"}]}

{}