PT-2025-53405 · Tozed · Tozed Zlt M30S
S33K3R · Published 2025-12-25 · Updated 2026-01-20 · CVE-2025-15082
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TOZED ZLT M30s versions up to 1.47
Description
A flaw exists in TOZED ZLT M30s, specifically within the Web Management Interface component. Manipulation of the goformId argument in a request to the /reqproc/proc post file can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond.
Recommendations
Versions up to 1.47 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the /reqproc/proc post file to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Improper Access Control
Related identifiers
Affected products
Tozed Zlt M30S