PT-2025-49313 · Tozed · Tozed Zlt M30S Pro
Published: 2025-12-05 · Updated: 2025-12-17 · CVE-2025-14105
CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
TOZED ZLT M30S and ZLT M30S PRO versions 1.47/3.09.06
Description
A flaw exists in the Web Interface component of TOZED ZLT M30S and ZLT M30S PRO. The issue is related to the manipulation of the goformId argument with the input REBOOT DEVICE within the '/reqproc/proc post' file. This can result in a denial of service. The attack is limited to the local network. The vulnerability has been publicly disclosed. The vendor was notified but did not respond.
Recommendations
Apply a fix or update to a version beyond 1.47/3.09.06.
As a temporary workaround, restrict access to the '/reqproc/proc post' file.
Avoid using the goformId parameter with the REBOOT DEVICE input.
Exploit
Fix
DoS
Improper Resource Release
Affected Products
Tozed Zlt M30S
Tozed Zlt M30S Pro