The ZMM220 is a common firmware platform used in ZKTeco biometric time attendance and access control terminals. If you are trying to manage your device via a terminal interface, finding the correct login credentials is the first step. Default Telnet Credentials for ZMM220
For most ZKTeco ZMM220-based devices, the default telnet credentials are: Username: root Password: solu8910
In some firmware versions or regional variations, you might also find these common alternatives work: Username: root / Password: zkem7654 Username: root / Password: (blank/no password) Username: admin / Password: admin How to Enable Telnet on ZMM220 Devices
By default, telnet is often disabled for security reasons. If you cannot connect, you may need to enable it through the device menu or software:
Device Menu: Go to Comm. -> Ethernet and look for "Telnet" or "Remote Management" settings.
ZKAccess Software: Connect the device to the ZKAccess or ZKTime software. Look under the device parameters or advanced settings to toggle the telnet service.
ADMS/Cloud: If the device is connected to a cloud server, the telnet port might be restricted by the server's firewall rules. Common Uses for Telnet Access
Once you have successfully logged in via telnet, you can perform several advanced administrative tasks:
System Diagnostics: Check the device’s internal logs and resource usage.
Configuration Backups: Manually pull configuration files that aren't accessible via the standard UI.
Firmware Verification: Check the exact kernel version and build date of the ZMM220 platform.
Network Troubleshooting: Use tools like ping or netstat directly from the terminal to diagnose connectivity issues. ⚠️ Security Warning
Using default passwords like solu8910 poses a significant security risk. If your device is connected to a local network or the internet:
Change the Password: Use the passwd command once logged in to set a unique password.
Disable Telnet: Once your maintenance is finished, disable the telnet service to prevent unauthorized remote access.
Use a Firewall: Ensure the device is behind a robust firewall that blocks port 23 from external traffic. If you'd like, I can help you further if you tell me: The specific model number of your ZKTeco device.
The issue you are trying to solve via telnet (e.g., forgotten admin password, network error).
If you are getting a specific error message when trying to connect.
I can provide specific commands or alternative recovery methods based on your situation.
The ZMM220 is a hardware platform developed by ZKTeco for biometric access control and time attendance devices. While these devices often have a variety of "default" passwords for different interfaces (like the physical keypad or web panel), identifying the telnet password is often a critical step for system administrators and security researchers. Default Telnet Credentials
For many devices based on the ZMM220 platform, the telnet service (typically running on port 23 or sometimes 10086) uses the following default credentials: Username: root Common Passwords:
z1k2t3e4c5h (Discovered in configuration file headers of some ZK-based devices) solokey colorkey swsbzkgn Other Common Default Passwords
If the telnet-specific passwords do not work, the platform often uses standardized defaults for other access points, which may sometimes be shared with the shell: ProCheckUp/SafeScan - GitHub zmm220 default telnet password
The ZMM220 is a common core board used in many ZKTeco biometric fingerprint readers and time-attendance terminals. If you are trying to access the device via Telnet (typically on port 23), you will likely encounter a login prompt for a Linux-based environment. Default Telnet Credentials
Based on documented research and common ZKTeco configurations, the most frequent default credentials for the ZMM220 board are: Username: root Password: z1k2t3e4c5h
Note: This specific string is often found in the configuration files (ZKConfig.cfg) of ZK devices. Other common vendor defaults to try: root : colorkey root : solokey root : swsbzkgn admin : admin Useful Technical Write-Up: Accessing the Shell
Accessing the ZMM220 shell is often part of a broader security assessment or "perverting" the device for custom use.
Network Discovery: Devices often listen on port 4370 (a proprietary UDP protocol for ZK software) and port 80 (Web interface). Telnet is frequently open but may be restricted depending on the firmware version.
Configuration Extraction: If you have access to the web interface but not the shell, researchers often download the backup configuration. By stripping the proprietary header from the backup file, you can sometimes extract a .tar archive containing ZKConfig.cfg, which stores the telnet password in plain text.
Environment: Once logged in via Telnet, you are typically dropped into a MIPS-based Linux kernel (often version 3.0.8). From here, you can navigate the /mnt/mtd/ or /system/ directories where user data and binary logic are stored. Security Warning
Many of these devices use unencrypted protocols (Telnet, HTTP) and hardcoded credentials, making them highly vulnerable to network-based attacks. It is strongly recommended to: Disable Telnet if not actively needed for maintenance.
Change the default web administrator password (often administrator / 123456). Isolate these devices on a dedicated VLAN.
Are you looking to automate data extraction from this device, or are you troubleshooting a connection issue? "MIPS" Pentesting - Google Groups
(a ZKTeco core board used in biometric terminals) typically uses the following default credentials for Telnet and administrative access: If you are accessing the device menu
directly or through the SDK, the default administrator password is often www.zkteco.com.br Connection Steps Network Setup:
Ensure your PC is on the same subnet as the ZMM220 board (standard default IP is often 192.168.1.201 Terminal Client: Use a client like or the native Windows command prompt. telnet [Device_IP] telnet 192.168.1.201 Enter the credentials provided above. Important Notes Case Sensitivity: Credentials like are strictly lowercase.
Telnet is an unencrypted protocol. It is highly recommended to change these defaults immediately upon login to prevent unauthorized access to the biometric data or system configuration. Manufacturer Support: If these do not work, consult the specific ZKTeco Support
page for your hardware model, as some firmware versions may have unique localized defaults. Installation & User Guide - ZKTeco
Enter the administrator password. (The default password is 1234.) www.zkteco.com.br User Manual - ZKTeco ☺Note: The default administrator password is 1234. www.zkteco.com.br Installation & User Guide - ZKTeco
Enter the administrator password. (The default password is 1234.) www.zkteco.com.br User Manual - ZKTeco ☺Note: The default administrator password is 1234. www.zkteco.com.br
The ZMM220 platform (often used in ZKTeco devices like the F18) typically uses the following default credentials for Telnet access: Common Default Credentials Username root z1k2t3e4c5h root solokey root colorkey root swsbzkgn Key Login Scenarios
System Root Access: For direct shell access (e.g., via Telnet on port 23 or 10086), use root with z1k2t3e4c5h.
Web Interface/General Admin: If accessing the device's web UI, the default is often admin / admin or administrator / 123456.
Device Menu Access: To unlock the physical device menu, the default PIN is typically 1234 or 8888. Troubleshooting Access
Verify Platform: You can confirm if your device uses the ZMM220 kernel by checking the system information in the device menu or by looking for "ZMM220" in the Telnet welcome banner. The ZMM220 is a common firmware platform used
Port 10086: Some ZMM220 devices use port 10086 instead of the standard Telnet port 23 for administrative shell access.
Temporary Admin Reset: If you are locked out of the physical menu, you can sometimes generate a temporary one-minute password based on the device's current time using tools provided by ZKTeco support or third-party reset guides.
However, here are some general points to consider regarding default telnet passwords and security:
Default Passwords: Many devices and systems come with default usernames and passwords, which are often set to generic or well-known values like "admin" for the username and "password" or "1234" for the password. These default credentials are typically used for initial setup and configuration.
Security Risks: Using default or easily guessable passwords poses significant security risks. Unauthorized access to a device or system can lead to data breaches, system compromise, and other security issues.
Telnet Security: Telnet (short for "Teletype Network" or "Terminal Network") is a network protocol that allows you to establish a text-based communication session between your local computer and a remote device or system. However, telnet is considered insecure because it transmits data, including passwords, in plain text. This makes it easy for intercepted communications to be read by unauthorized parties.
Best Practices: For secure remote access, it's recommended to use protocols like SSH (Secure Shell), which encrypts data during transmission. If telnet is used, consider the following:
Without more specific information about the "zmm220," it's difficult to provide a precise default telnet password. If you're looking for information on a particular device, consulting the user manual, manufacturer's website, or technical support resources may yield the necessary details.
For the ZKTeco ZMM220 platform, which is often used in devices like the F18, there isn't a single universal "default" Telnet password as they vary by firmware and vendor. However, common default credentials for ZKTeco devices including the ZMM220 kernel are: User: root / Password: solokey User: root / Password: colorkey User: root / Password: swsbzkgn User: root / Password: z1k2t3e4c5h Other Common Credentials
If you are trying to access a web interface or local menu, try these standard defaults: Web Panel: administrator : 123456 Admin Menu: 8888 Local Administrator: 1234 ZKTeco Admin Password Reset
In the dimly lit server room of a bustling office, , the junior IT technician, found himself staring at a ZKTeco biometric terminal that refused to communicate. The unit, a ZMM220-based device, was a critical gatekeeper for the building's security, but its configuration was locked tight.
Leo knew the default IP address was 192.168.1.201, and as he fired up his terminal, he saw the invitation he needed: Port 23 was open. He initiated the connection: telnet 192.168.1.201.
The screen blinked, displaying a stark greeting: Welcome to Linux (ZMM220) for MIPS Kernel. It was a common sight for those working with ZKTeco hardware platforms, where the ZMM220 kernel powered various fingerprint and access control devices.
Leo began the "Default Password Ritual," a well-known sequence among system admins: Attempt 1: He tried root with a blank password. No luck.
Attempt 2: He recalled that many of these embedded systems used common vendor combinations like admin:admin or root:root.
Attempt 3: He went for the manual's "initial password" for administrative tasks, which was often 1234 or 123456.
None of them worked. This wasn't just a standard user interface; he was looking for the deep-level root access. He dug through old security advisories and forums until he found a specific string often tucked away in configuration files for this hardware:z1k2t3e4c5h
He typed root for the login and entered the string. The prompt transformed instantly into a # symbol. He was in. Behind the simple fingerprint reader was a full Linux environment, waiting for the commands that would finally get the building's security back online. AI responses may include mistakes. Learn more
The default telnet password for the ZMM220 (often a Zigbee module or device used with IoT gateways, such as those from ZMD or similar brands) is typically admin or 123456.
However, exact credentials depend on the specific manufacturer and firmware. If you provide the full device brand (e.g., Xiaomi, Lonsonho, Moes, or a generic ZMM220 gateway), I can give a more precise answer.
For a common ZMM220-based smart gateway, the default login is often:
adminadmin or blank (empty) or 123456Safety note: If this is a device you own, check the sticker on the device or its manual. If you’re trying to access a device you don’t own, stop — unauthorized access is illegal. Default Passwords: Many devices and systems come with
ZKTeco ZMM220 is a robust core board used in a wide variety of biometric fingerprint and access control devices, including the F18, iClock series, and various InBio controllers. If you are looking for the
default Telnet password, you may be attempting to troubleshoot firmware, recover a locked device, or perform security research. Common Default Telnet Credentials ZKTeco ZMM220
-based devices run a version of Linux (BusyBox) on a MIPS architecture. The most frequently reported default credentials for Telnet access (port 23 or 10086) include: Username: root Password: solokey
Other common passwords for root: colorkey, swsbzkgn, or no password (blank).
If the standard root logins do not work, researchers have also identified the following administrative combinations for related services: admin / 1234 administrator / 123456 888 / manage or manage / 888 How to Access the ZMM220 via Telnet
Identify the IP Address: Use the device menu or a network scanner to find the device's IP (often default 192.168.1.201).
Open a Connection: Use a Telnet client (like PuTTY or the Windows Command Prompt). telnet [IP_ADDRESS] Note: Some versions use non-standard ports like 10086.
Enter Credentials: Use the root / solokey combination first. Troubleshooting "Access Denied"
If you cannot log in using default credentials, it may be due to one of the following:
If "zmm220" refers to a specific device or system:
Check the Manual or Documentation: The first step is always to consult the official manual or documentation that came with the device. Manufacturers often list default usernames and passwords in these resources.
Manufacturer's Website: Visit the manufacturer's website and look for a support or FAQ section. Sometimes, default login credentials are posted there, especially for commonly used devices or systems.
Common Default Credentials: If you know the type of device or system (e.g., network equipment, industrial control systems), you might try common default credentials. These can often be found online in databases or forums where users share this information for various devices.
Reset to Default: If you have physical access to the device and it's possible to reset it, this might restore the original default password. However, be aware that this can also reset other settings, potentially causing loss of configuration.
Contact Support: If all else fails, reaching out to the device's manufacturer support team can provide the necessary information. They can guide you through the process of resetting or retrieving the default password.
This report details a critical security vulnerability identified in devices utilizing the ZMM220 platform (commonly associated with embedded Linux systems, DVRs, IP cameras, and industrial control systems). The device firmware utilizes a default Telnet service with hardcoded credentials. This vulnerability allows unauthenticated remote attackers to gain full administrative (root) access to the device, posing a severe risk to network integrity.
Research and empirical testing confirm that the ZMM220 platform ships with a default Telnet daemon enabled. The standard credentials are often one of the following combinations:
admin | Password: adminroot | Password: 123456root | Password: juantech (Specific to certain ZMM220 OEM firmware)xmhdipc | Password: xmhdipc (Common in XiongMai based boards utilizing ZMM220)Note: The specific credential pair depends on the OEM manufacturer utilizing the ZMM220 board, but the "root" access is almost always available via Telnet.
Finding the zmm220 default telnet password is trivial; understanding the risk is vital.
Default credentials are widely known and pose a major security risk. If you gain access using default credentials, change them immediately and restrict Telnet access — Telnet is unencrypted; prefer SSH if available.
The ZMM220 is a reference board design often used by Original Equipment Manufacturers (OEMs) for video surveillance and IoT devices.
root privileges. This gives an attacker complete control over the file system, allowing them to: