← volver
CVE-2025-15082

TOZED ZLT M30s Web Management proc_post information disclosure

CVSS 6.9 MEDIUMEPSS 0.6%CWE-200CWE-284
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
TOZED · ZLT M30s

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://vuldb.com/?ctiid.338410https://vuldb.com/?id.338410https://vuldb.com/?submit.707306https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosurehttps://youtu.be/u_H29UdiPOc