S33K3R

#12833de 53,633
20.9CVSS total
Vulnerabilidades · 3
Média
1
Alta
2
PT-2025-53405
7.5
2025-12-25
Tozed · Tozed Zlt M30S · CVE-2025-15082
**Name of the Vulnerable Software and Affected Versions** TOZED ZLT M30s versions up to 1.47 **Description** A flaw exists in TOZED ZLT M30s, specifically within the Web Management Interface component. Manipulation of the `goformId` argument in a request to the `/reqproc/proc post` file can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions up to 1.47 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the `/reqproc/proc post` file to minimize the risk of exploitation.
PT-2025-53406
4.6
2025-12-25
Tozed · Tozed Zlt M30S · CVE-2025-15083
**Nome do Software Vulnerável e Versões Afetadas** TOZED ZLT M30s versões até a 1.47 **Descrição** Existe uma falha no TOZED ZLT M30s até a versão 1.47 relacionada ao componente de Interface UART. A manipulação de uma `função` desconhecida dentro deste componente pode levar a um controle de acesso inadequado à interface de depuração e teste no chip. O dispositivo físico pode ser alvo deste ataque, que é descrito como altamente complexo e difícil de explorar. O exploit foi divulgado publicamente e o fornecedor foi notificado, mas não respondeu. **Recomendações** As versões até a 1.47 devem ser atualizadas quando uma correção estiver disponível. Como medida temporária, considere desativar o componente de Interface UART para minimizar o risco de exploração.
PT-2025-49359
8.8
2025-12-06
Tozed · Tozed Zlt M30S · CVE-2025-14126
**Name of the Vulnerable Software and Affected Versions** TOZED ZLT M30S versions 1.47 and 3.09.06 TOZED ZLT M30S PRO versions 1.47 and 3.09.06 **Description** A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the Web Interface component. Exploitation requires local network access. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this disclosure. **Recommendations** Versions 1.47 and 3.09.06 of TOZED ZLT M30S and ZLT M30S PRO are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.