CONFIDENTIAL SECURITY ADVISORY
To: IT Security Department / Network Operations Center
From: [Your Name/Department]
Date: October 26, 2023
Subject: Security Vulnerability Assessment: ZMM220 Default Telnet Credentials
It is recommended that the IT Security team immediately perform the following actions:
ZKTeco ZMM220 is a common hardware platform used in biometric terminals like the F18, ProCapture, and UF200. For most of these devices, the Telnet service is either disabled by default or secured with factory-set credentials that are not meant for end-user access.
Known Default Telnet Credentials
If Telnet is enabled (often on port ), research and security advisories indicate the following common root-level credentials used across the ZMM220 platform:
Frequently found on ZMM-based Linux builds
Used in older ZKSoftware/ZKTeco firmware
Common hardcoded password for developer access
Generic fallback for some web and CLI interfaces
🛠️ Common Default System Passwords
If you are looking for general admin access rather than command-line (Telnet) access, these are the standard factory defaults:
The ZMM220 is a hardware platform developed by ZKTeco for biometric access control and time attendance devices. While these devices often have a variety of "default" passwords for different interfaces (like the physical keypad or web panel), identifying the telnet password is often a critical step for system administrators and security researchers.
Default Telnet Credentials
For many devices based on the ZMM220 platform, the telnet service (typically running on port 23 or sometimes 10086) uses the following default credentials:
Username: root
Common Passwords:
z1k2t3e4c5h (Discovered in configuration file headers of some ZK-based devices)
solokey
colorkey
swsbzkgn
Other Common Default Passwords
If the telnet-specific passwords do not work, the platform often uses standardized defaults for other access points, which may sometimes be shared with the shell:
The ZMM220 is a common hardware platform used in ZKTeco biometric devices, such as fingerprint and facial recognition terminals. If you are attempting to access the command-line interface via Telnet, the default credentials can vary depending on the specific firmware version or vendor customization.
Common Default Telnet Credentials
For ZKTeco devices built on the ZMM220 platform, researchers and documentation suggest trying the following combinations:
Username: root
Passwords to try:
solokey
colorkey
swsbzkgn
(Leave blank)
Alternative Administrative Credentials
If you are prompted for a login on a different interface (such as a web server or local console), these standard ZKTeco defaults may apply:
Web Server (Web 3.0): User administrator, Password 123456.
Local Admin Menu: User ID 8888, Password 1234 or a time-based "Super Password".
Gateway Login: Password admin.
How to Connect
Open your terminal or command prompt.
Type telnet [Device_IP] (default port is usually 23).
Enter the credentials from the list above.
Note: For many modern ZKTeco devices, Telnet is disabled by default for security. You may need to enable it through the device's system settings or by contacting ZKTeco Technical Support to adjust parameters like ServerType.
In the dimly lit server room of a bustling office, Leo, the junior IT technician, found himself staring at a ZKTeco biometric terminal that refused to communicate. The unit, a ZMM220-based device, was a critical gatekeeper for the building's security, but its configuration was locked tight.
Leo knew the default IP address was 192.168.1.201, and as he fired up his terminal, he saw the invitation he needed: Port 23 was open. He initiated the connection: telnet 192.168.1.201.
The screen blinked, displaying a stark greeting: Welcome to Linux (ZMM220) for MIPS Kernel. It was a common sight for those working with ZKTeco hardware platforms, where the ZMM220 kernel powered various fingerprint and access control devices.
Leo began the "Default Password Ritual," a well-known sequence among system admins:
Attempt 1: He tried root with a blank password. No luck.
Attempt 2: He recalled that many of these embedded systems used common vendor combinations like admin:admin or root:root.
Attempt 3: He went for the manual's "initial password" for administrative tasks, which was often 1234 or 123456.
None of them worked. This wasn't just a standard user interface; he was looking for the deep-level root access. He dug through old security advisories and forums until he found a specific string often tucked away in configuration files for this hardware: z1k2t3e4c5h
He typed root for the login and entered the string. The prompt transformed instantly into a # symbol. He was in. Behind the simple fingerprint reader was a full Linux environment, waiting for the commands that would finally get the building's security back online.
The ZMM220 is a common firmware platform used in ZKTeco biometric time attendance and access control terminals. If you are trying to manage your device via a terminal interface, finding the correct login credentials is the first step.
Default Telnet Credentials for ZMM220
For most ZKTeco ZMM220-based devices, the default telnet credentials are:
Username: root
Password: solu8910
In some firmware versions or regional variations, you might also find these common alternatives work:
Username: root / Password: zkem7654
Username: root / Password: (blank/no password)
Username: admin / Password: admin
How to Enable Telnet on ZMM220 Devices
By default, telnet is often disabled for security reasons. If you cannot connect, you may need to enable it through the device menu or software:
Device Menu: Go to Comm. -> Ethernet and look for "Telnet" or "Remote Management" settings.
ZKAccess Software: Connect the device to the ZKAccess or ZKTime software. Look under the device parameters or advanced settings to toggle the telnet service.
ADMS/Cloud: If the device is connected to a cloud server, the telnet port might be restricted by the server's firewall rules.
Common Uses for Telnet Access
Once you have successfully logged in via telnet, you can perform several advanced administrative tasks:
System Diagnostics: Check the device’s internal logs and resource usage.
Configuration Backups: Manually pull configuration files that aren't accessible via the standard UI.
Firmware Verification: Check the exact kernel version and build date of the ZMM220 platform.
Network Troubleshooting: Use tools like ping or netstat directly from the terminal to diagnose connectivity issues.
⚠️ Security Warning
Using default passwords like solu8910 poses a significant security risk. If your device is connected to a local network or the internet:
Change the Password: Use the passwd command once logged in to set a unique password.
Disable Telnet: Once your maintenance is finished, disable the telnet service to prevent unauthorized remote access.
Use a Firewall: Ensure the device is behind a robust firewall that blocks port 23 from external traffic.
The default telnet password for the ZMM220 (often a Zigbee module or device used with IoT gateways, such as those from ZMD or similar brands) is typically admin or 123456.
However, exact credentials depend on the specific manufacturer and firmware. If you provide the full device brand (e.g., Xiaomi, Lonsonho, Moes, or a generic ZMM220 gateway), I can give a more precise answer.
For a common ZMM220-based smart gateway, the default login is often:
Safety note: If this is a device you own, check the sticker on the device or its manual. If you’re trying to access a device you don’t own, stop — unauthorized access is illegal.
If Set 1 fails, the manufacturer has likely applied a standard Chinese firmware overlay.
The zmm220 default telnet password is not a secret—it is a well-documented feature of legacy embedded design. For the three most likely scenarios, the keys are: blank/root, admin/admin, or zmm220/zmm220.
However, successfully logging in should be the beginning of your work, not the end. Use that shell to audit the device, patch the vulnerabilities, and disable the ancient Telnet service. In 2025, leaving port 23 open with default credentials is functionally equivalent to leaving the key in your front door lock, with a neon sign pointing to it.
Remember: With great shell access comes great responsibility. Use these credentials only on devices you own or have explicit permission to test.
Disclaimer: This article is for educational and defensive security purposes only. Unauthorized access to computer systems is illegal under the Computer Fraud and Abuse Act (CFAA) and similar international laws.
Based on technical documentation and community reports for ZKTeco devices using the ZMM220 core board, the default telnet password is often embedded in the system configuration.
The most commonly reported default telnet password for the ZMM220 is: z1k2t3e4c5h
Key Connection Details
Username: Often root or admin.
Port: The standard Telnet port is 23, but these devices often use port 4370 for proprietary communication protocols.
Web Interface: If you cannot access Telnet, try the web interface (port 80) where the default credentials are often admin / 123456 or administrator / 1234.
How to Find/Verify the Password
If the common password does not work, you can sometimes retrieve it from the device's backup:
Download a backup of the configuration from the web interface.
Extract the backup archive (it may require removing a proprietary header).
Locate the ZKConfig.cfg or Config.cfg file.
Search for the line starting with $Telnet= to see the specific password set for your firmware version.
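The check in the steps above can be turned into a defensive audit of your own backups. This is an added example, not code from the original page or from ZKTeco: it scans an extracted configuration file for the $Telnet= line and reports whether the value is one of the default passwords listed on this page. The key=value layout, the function name and the sample bytes are assumptions constructed for illustration.

```python
"""Audit an extracted ZMM220 config backup for a default Telnet password."""
import re

# Defaults quoted on this page; an empty value means "no password set".
KNOWN_DEFAULTS = {
    "z1k2t3e4c5h", "solokey", "colorkey", "swsbzkgn",
    "solu8910", "zkem7654", "",
}

# Assumption: the setting is a plain "$Telnet=<value>" line, as the page describes.
TELNET_LINE = re.compile(rb"^\$Telnet=(.*)$", re.MULTILINE)


def audit_telnet_setting(raw: bytes) -> dict:
    """Return a finding for the $Telnet= line in a raw config file.

    The input is bytes because a backup may begin with a proprietary binary
    header; the pattern is anchored per line, so other lines are ignored.
    """
    matches = TELNET_LINE.findall(raw.replace(b"\r\n", b"\n"))
    if not matches:
        return {"status": "not_found", "is_default": False}
    # Assumption: if the key appears more than once, the last line wins.
    value = matches[-1].strip().decode("utf-8", errors="replace")
    is_default = value in KNOWN_DEFAULTS
    return {
        "status": "default_password" if is_default else "custom_password",
        "is_default": is_default,
        # Never echo a custom password into a report; record only its length.
        "value_length": len(value),
    }


# Constructed sample inputs (not taken from a real device).
SAMPLE_DEFAULT = b"\x00\x9fZKHDR\x01\nDeviceName=door-1\r\n$Telnet=solokey\r\n"
SAMPLE_CUSTOM = b"DeviceName=door-2\n$Telnet=Vq7!mR2x-pL9\n"
SAMPLE_MISSING = b"DeviceName=door-3\n"

if __name__ == "__main__":
    for name, blob in [("door-1", SAMPLE_DEFAULT), ("door-2", SAMPLE_CUSTOM),
                       ("door-3", SAMPLE_MISSING)]:
        print(name, audit_telnet_setting(blob))
```

A "default_password" finding means the device should have its password changed and Telnet disabled, as the security warning on this page recommends.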
If "zmm220" refers to a specific device or system:
If Telnet rejects all logins, the device may be using a shadow password file. However, if you have physical access to the PCB, look for a 4-pin UART header. The serial console (baud rate 57600 or 115200) often bypasses Telnet security entirely, allowing you to drop into a recovery shell using the bootloader.
Finding the zmm220 default telnet password is trivial; understanding the risk is vital.
Once you are logged in via Telnet, immediately secure the device:
Enable SSH instead:
opkg update
opkg install dropbear
/etc/init.d/dropbear enable
/etc/init.d/dropbear start
Effective network management goes beyond securing individual devices. Implementing comprehensive network management strategies can help ensure the reliability, performance, and security of your network: