CVE-2025-14126

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOZED ZLT M30S versions 1.47 and 3.09.06 TOZED ZLT M30S PRO versions 1.47 and 3.09.06

Description A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the Web Interface component. Exploitation requires local network access. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this disclosure.

Recommendations Versions 1.47 and 3.09.06 of TOZED ZLT M30S and ZLT M30S PRO are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-259

Related Identifiers

CVE-2025-14126

Affected Products

Tozed Zlt M30S

Tozed Zlt M30S Pro

CVE-2025-14126

Weakness Enumeration

Related Identifiers

Affected Products

References · 12