CVE-2025-65127

Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27

Description A missing session validation check within the web API component allows unauthenticated remote attackers to access administrative functions designed for authorized users. Attackers can retrieve device configuration data, including credentials in plain text, by invoking get * operations. This bypasses normal authentication and session requirements.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.