S33K3R

#12847of 53,632
20.9Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2025-53405
7.5
2025-12-25
Tozed · Tozed Zlt M30S · CVE-2025-15082
**Name of the Vulnerable Software and Affected Versions** TOZED ZLT M30s versions up to 1.47 **Description** A flaw exists in TOZED ZLT M30s, specifically within the Web Management Interface component. Manipulation of the `goformId` argument in a request to the `/reqproc/proc post` file can lead to information disclosure. The attack can be initiated remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions up to 1.47 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the `/reqproc/proc post` file to minimize the risk of exploitation.
PT-2025-53406
4.6
2025-12-25
Tozed · Tozed Zlt M30S · CVE-2025-15083
**Name of the Vulnerable Software and Affected Versions** TOZED ZLT M30s versions up to 1.47 **Description** A flaw exists in TOZED ZLT M30s up to version 1.47 related to the UART Interface component. Manipulation of an unknown `function` within this component can lead to improper access control to the on-chip debug and test interface. The physical device is targetable for this attack, which is described as highly complex and difficult to exploit. The exploit has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Versions up to 1.47 should be updated when a fix becomes available. As a temporary workaround, consider disabling the UART Interface component to minimize the risk of exploitation.
PT-2025-49359
8.8
2025-12-06
Tozed · Tozed Zlt M30S · CVE-2025-14126
**Name of the Vulnerable Software and Affected Versions** TOZED ZLT M30S versions 1.47 and 3.09.06 TOZED ZLT M30S PRO versions 1.47 and 3.09.06 **Description** A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the Web Interface component. Exploitation requires local network access. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this disclosure. **Recommendations** Versions 1.47 and 3.09.06 of TOZED ZLT M30S and ZLT M30S PRO are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.