PT-2025-49359 · Tozed · Tozed Zlt M30S+1

S33K3R

Publicado

2025-12-06

Atualizado

2025-12-11

CVE-2025-14126

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOZED ZLT M30S versions 1.47 and 3.09.06 TOZED ZLT M30S PRO versions 1.47 and 3.09.06

Description A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the Web Interface component. Exploitation requires local network access. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this disclosure.

Recommendations Versions 1.47 and 3.09.06 of TOZED ZLT M30S and ZLT M30S PRO are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-259

Identificadores relacionados

CVE-2025-14126

Produtos afetados

Tozed Zlt M30S

Tozed Zlt M30S Pro

PT-2025-49359 · Tozed · Tozed Zlt M30S+1

CVE-2025-14126

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12