Through reverse engineering firmware dumps (using binwalk and firmware-mod-kit) and analyzing support forums, three dominant credential sets emerge for the ZMM220 family. Try them in the following order:
Before diving into the specifics of the default Telnet password, it's crucial to understand what the ZMM220 is and its role in network infrastructure. The ZMM220 is part of ZTE's series of network management devices, designed to monitor, manage, and troubleshoot network operations. Its capabilities include performance monitoring, fault management, and configuration management, making it an indispensable tool for network administrators.
Research and empirical testing confirm that the ZMM220 platform ships with a default Telnet daemon enabled. The standard credentials are often one of the following combinations:
Note: The specific credential pair depends on the OEM manufacturer utilizing the ZMM220 board, but the "root" access is almost always available via Telnet.
Shipping a product with the ZMM220 reference design?
Likelihood: High Automated botnets actively scan the internet for Port 23 (Telnet) and attempt brute-force login using default credential dictionaries. Devices exposed to the public internet are compromised within minutes of deployment.
Impact: Critical Successful exploitation results in a complete loss of confidentiality, integrity, and availability of the affected device. If the device resides on a trusted internal network, an attacker could potentially pivot to other critical servers or exfiltrate sensitive data (e.g., video surveillance feeds).
Once you have accessed your ZMM220 using the default credentials, it's imperative to secure your device to prevent unauthorized access. Here are several steps to enhance the security of your ZMM220:
It is recommended that the IT Security team immediately perform the following actions:
The ZMM220 platform (often used in ZKTeco devices like the F18) typically uses the following default credentials for Telnet access: Common Default Credentials Username root z1k2t3e4c5h root solokey root colorkey root swsbzkgn Key Login Scenarios
System Root Access: For direct shell access (e.g., via Telnet on port 23 or 10086), use root with z1k2t3e4c5h.
Web Interface/General Admin: If accessing the device's web UI, the default is often admin / admin or administrator / 123456.
Device Menu Access: To unlock the physical device menu, the default PIN is typically 1234 or 8888. Troubleshooting Access
Verify Platform: You can confirm if your device uses the ZMM220 kernel by checking the system information in the device menu or by looking for "ZMM220" in the Telnet welcome banner.
Port 10086: Some ZMM220 devices use port 10086 instead of the standard Telnet port 23 for administrative shell access.
Temporary Admin Reset: If you are locked out of the physical menu, you can sometimes generate a temporary one-minute password based on the device's current time using tools provided by ZKTeco support or third-party reset guides.
devices built on the core board (commonly found in fingerprint readers like the F18), the default Telnet credentials often vary depending on the firmware version or specific distributor.
The most common default Telnet login credentials for these units are: z1k2t3e4c5h Common Alternatives
If the above password does not work, try these standard factory defaults: (Leave blank) administrator Williams AV How to Find Your Specific Password
If none of the above work, you can often find the password hidden in the device's configuration backup: Export Config:
Use the web interface to download the device's backup/configuration file (often named ZKConfig.cfg or similar). Inspect File: Open the file in a text editor and search for the string . The value following it is typically your telnet password. Important Ports Telnet Port: 23 (Default) or in some Linux-based MIPS firmware. SDK/Proprietary Port:
Since Telnet sends data in plain text, it is highly recommended to disable it or change the default password immediately after setup to prevent unauthorized access. how to change the Telnet password through the CLI once you are logged in? Not working with new device - guidance needed #14 - GitHub
(a ZKTeco core board used in biometric terminals) typically uses the following default credentials for Telnet and administrative access: If you are accessing the device menu
directly or through the SDK, the default administrator password is often www.zkteco.com.br Connection Steps Network Setup:
Ensure your PC is on the same subnet as the ZMM220 board (standard default IP is often 192.168.1.201 Terminal Client: Use a client like or the native Windows command prompt. telnet [Device_IP] telnet 192.168.1.201 Enter the credentials provided above. Important Notes Case Sensitivity: Credentials like are strictly lowercase. zmm220 default telnet password
Telnet is an unencrypted protocol. It is highly recommended to change these defaults immediately upon login to prevent unauthorized access to the biometric data or system configuration. Manufacturer Support: If these do not work, consult the specific ZKTeco Support
page for your hardware model, as some firmware versions may have unique localized defaults. Installation & User Guide - ZKTeco
Enter the administrator password. (The default password is 1234.) www.zkteco.com.br User Manual - ZKTeco ☺Note: The default administrator password is 1234. www.zkteco.com.br Installation & User Guide - ZKTeco
Enter the administrator password. (The default password is 1234.) www.zkteco.com.br User Manual - ZKTeco ☺Note: The default administrator password is 1234. www.zkteco.com.br
In the dimly lit server room of a bustling office, , the junior IT technician, found himself staring at a ZKTeco biometric terminal that refused to communicate. The unit, a ZMM220-based device, was a critical gatekeeper for the building's security, but its configuration was locked tight.
Leo knew the default IP address was 192.168.1.201, and as he fired up his terminal, he saw the invitation he needed: Port 23 was open. He initiated the connection: telnet 192.168.1.201.
The screen blinked, displaying a stark greeting: Welcome to Linux (ZMM220) for MIPS Kernel. It was a common sight for those working with ZKTeco hardware platforms, where the ZMM220 kernel powered various fingerprint and access control devices.
Leo began the "Default Password Ritual," a well-known sequence among system admins: Attempt 1: He tried root with a blank password. No luck.
Attempt 2: He recalled that many of these embedded systems used common vendor combinations like admin:admin or root:root.
Attempt 3: He went for the manual's "initial password" for administrative tasks, which was often 1234 or 123456.
None of them worked. This wasn't just a standard user interface; he was looking for the deep-level root access. He dug through old security advisories and forums until he found a specific string often tucked away in configuration files for this hardware:z1k2t3e4c5h
He typed root for the login and entered the string. The prompt transformed instantly into a # symbol. He was in. Behind the simple fingerprint reader was a full Linux environment, waiting for the commands that would finally get the building's security back online. AI responses may include mistakes. Learn more
The default telnet password for the ZMM220 (often a Zigbee module or device used with IoT gateways, such as those from ZMD or similar brands) is typically admin or 123456.
However, exact credentials depend on the specific manufacturer and firmware. If you provide the full device brand (e.g., Xiaomi, Lonsonho, Moes, or a generic ZMM220 gateway), I can give a more precise answer.
For a common ZMM220-based smart gateway, the default login is often:
Safety note: If this is a device you own, check the sticker on the device or its manual. If you’re trying to access a device you don’t own, stop — unauthorized access is illegal.
is a common Linux-based hardware platform used in biometric terminals, such as the F18 fingerprint reader. While these devices are primarily managed through proprietary software or a web interface, they often have a hidden Telnet service active on port 10086 for maintenance and development. Common Telnet Credentials
Security researchers and users have identified several default login combinations for ZMM220-based hardware. Because these are factory-set and often hardcoded, they represent a significant security risk if the device is exposed to a network. Frequently cited for ZKTeco Linux platforms Common on older ZKTeco/ZKSoftware units Used in various MIPS-based firmware versions Standard fallback for many embedded devices (No password) Some versions may allow direct login Alternative Management Passwords If you are looking for credentials to access the Web Interface Physical Device Menu rather than a Telnet shell, try these defaults: Web Interface (Port 80): administrator with password Device Admin Menu: , enter User ID , and use the default password Encrypted Config Files:
In some firmware versions, the Telnet password is stored as a variable $Telnet=z1k2t3e4c5h Security Considerations
The presence of a Telnet service with a known default password allows an attacker to gain full root access to the device. Once logged in, an unauthorized user could: Extract Data: Download user fingerprint templates or access logs. Modify Settings: Change access rules or bypass security protocols. Deploy Malware:
Use the device as a pivot point to attack other systems on your local network. User Manual - zkteco.me
Based on technical documentation and community reports for ZK Teco devices using the ZMM220 core board, the default telnet password is often embedded in the system configuration.
The most commonly reported default telnet password for the ZMM220 is:z1k2t3e4c5h Key Connection Details Username: Often root or admin.
Port: The standard Telnet port is 23, but these devices often use port 4370 for proprietary communication protocols. Note: The specific credential pair depends on the
Web Interface: If you cannot access Telnet, try the web interface (port 80) where the default credentials are often admin / 123456 or administrator / 1234. How to Find/Verify the Password
If the common password does not work, you can sometimes retrieve it from the device's backup:
Download a backup of the configuration from the web interface.
Extract the backup archive (it may require removing a proprietary header). Locate the ZKConfig.cfg or Config.cfg file.
Search for the line starting with $Telnet= to see the specific password set for your firmware version. Not working with new device - guidance needed #14 - GitHub
ZKTeco ZMM220 is a robust core board used in a wide variety of biometric fingerprint and access control devices, including the F18, iClock series, and various InBio controllers. If you are looking for the
default Telnet password, you may be attempting to troubleshoot firmware, recover a locked device, or perform security research. Common Default Telnet Credentials ZKTeco ZMM220
-based devices run a version of Linux (BusyBox) on a MIPS architecture. The most frequently reported default credentials for Telnet access (port 23 or 10086) include: Username: root Password: solokey
Other common passwords for root: colorkey, swsbzkgn, or no password (blank).
If the standard root logins do not work, researchers have also identified the following administrative combinations for related services: admin / 1234 administrator / 123456 888 / manage or manage / 888 How to Access the ZMM220 via Telnet
Identify the IP Address: Use the device menu or a network scanner to find the device's IP (often default 192.168.1.201).
Open a Connection: Use a Telnet client (like PuTTY or the Windows Command Prompt). telnet [IP_ADDRESS] Note: Some versions use non-standard ports like 10086.
Enter Credentials: Use the root / solokey combination first. Troubleshooting "Access Denied"
If you cannot log in using default credentials, it may be due to one of the following:
However, here are some general points to consider regarding default telnet passwords and security:
Without more specific information about the "zmm220," it's difficult to provide a precise default telnet password. If you're looking for information on a particular device, consulting the user manual, manufacturer's website, or technical support resources may yield the necessary details.
Subject: ZMM220 Default Telnet Credentials
Device Model: ZMM220 (4G LTE CPE / Modem)
Regarding the default Telnet access for the ZMM220:
Note: Telnet is typically disabled by default on recent firmware for security reasons. To enable it:
Security Warning: If your device is connected to the internet with default credentials, change the admin password immediately and disable Telnet unless explicitly required. Leaving default Telnet access active exposes the device to remote takeover.
Understanding the ZMM220 ZKTeco Terminal: Security and Access
The ZMM220 is a widely used core development platform (motherboard) for ZKTeco’s biometric time attendance and access control terminals. Because these devices often run a customized Linux-based firmware, they frequently have Telnet enabled for debugging or remote management.
However, leaving these services open with default credentials poses a significant security risk to an organization's physical security infrastructure. Default Telnet Credentials The ZMM220 platform (often used in ZKTeco devices
For most ZKTeco ZMM220-based devices, the default Telnet login credentials are: Username: root Password: solu8216
Note: In some firmware versions or regional variations, the password may be blank or admin, but solu8216 is the most common "factory" credential found in technical documentation and developer forums. Why is Telnet Enabled?
Telnet is often left active by manufacturers for several functional reasons:
Remote Troubleshooting: Allowing technicians to check system logs or hardware status without being physically present.
Firmware Updates: Pushing manual updates or patches directly to the device filesystem.
Database Management: Accessing the local SQLite database to manage user templates and logs when the web interface or software fails. Security Implications
Accessing the device via Telnet provides root-level access. An unauthorized user with these credentials can:
Extract Data: Download user biometric templates, names, and access logs.
Modify Access Rules: Remotely trigger a door lock (relay) or add new "authorized" users.
Disable Logging: Clear audit trails to hide unauthorized entry.
Install Malware: Use the terminal as a pivot point to attack other devices on the internal network. Best Practices for Securing Your ZMM220 Device
If you are managing these devices, it is critical to move beyond factory settings:
Change the Root Password: Immediately change the password using the passwd command after logging in via Telnet.
Disable Telnet: If remote CLI access is not required for daily operations, disable the Telnet service through the device's advanced settings menu or by killing the telnetd process in the startup scripts.
Network Isolation: Place biometric terminals on a dedicated VLAN with strict firewall rules. They should only communicate with the specific IP address of the attendance management server.
Use SSH: If remote access is necessary, check if your firmware supports SSH, which provides encrypted communication unlike the clear-text nature of Telnet. How to Login (Step-by-Step)
Identify the IP: Find the device's IP address via the on-screen menu (Comm. > Ethernet).
Connect: Open a terminal or command prompt and type: telnet [Device_IP]. Enter Credentials: Use root and solu8216.
Verify: You should see a command prompt (usually #), indicating you have root access to the Linux filesystem. If you'd like to dive deeper,
Help resetting a forgotten admin password on the physical device menu.
A list of Linux commands specific to ZKTeco file structures for log retrieval.
Unlocking the ZMM220: A Comprehensive Guide to Default Telnet Passwords and Secure Configuration
The ZMM220, a device from the reputable manufacturer ZTE, is a versatile and feature-rich piece of equipment designed to facilitate efficient and reliable network management. As with many network devices, accessing the ZMM220 for configuration and management often requires authentication through Telnet, a widely used protocol for remote access. However, for those unfamiliar with the device or its default settings, finding the correct Telnet password can be a challenge. This article aims to provide a detailed overview of the ZMM220's default Telnet password, along with essential information on securing your device and best practices for network management.
Default credentials are widely known and pose a major security risk. If you gain access using default credentials, change them immediately and restrict Telnet access — Telnet is unencrypted; prefer SSH if available.