CVE-2025-15082

Summary

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
TOZEDZLT M30s1.0affected
TOZEDZLT M30s1.1affected
TOZEDZLT M30s1.2affected
TOZEDZLT M30s1.3affected
TOZEDZLT M30s1.4affected
TOZEDZLT M30s1.5affected
TOZEDZLT M30s1.6affected
TOZEDZLT M30s1.7affected
TOZEDZLT M30s1.8affected
TOZEDZLT M30s1.9affected
TOZEDZLT M30s1.10affected
TOZEDZLT M30s1.11affected
TOZEDZLT M30s1.12affected
TOZEDZLT M30s1.13affected
TOZEDZLT M30s1.14affected
TOZEDZLT M30s1.15affected
TOZEDZLT M30s1.16affected
TOZEDZLT M30s1.17affected
TOZEDZLT M30s1.18affected
TOZEDZLT M30s1.19affected
TOZEDZLT M30s1.20affected
TOZEDZLT M30s1.21affected
TOZEDZLT M30s1.22affected
TOZEDZLT M30s1.23affected
TOZEDZLT M30s1.24affected
TOZEDZLT M30s1.25affected
TOZEDZLT M30s1.26affected
TOZEDZLT M30s1.27affected
TOZEDZLT M30s1.28affected
TOZEDZLT M30s1.29affected
TOZEDZLT M30s1.30affected
TOZEDZLT M30s1.31affected
TOZEDZLT M30s1.32affected
TOZEDZLT M30s1.33affected
TOZEDZLT M30s1.34affected
TOZEDZLT M30s1.35affected
TOZEDZLT M30s1.36affected
TOZEDZLT M30s1.37affected
TOZEDZLT M30s1.38affected
TOZEDZLT M30s1.39affected
TOZEDZLT M30s1.40affected
TOZEDZLT M30s1.41affected
TOZEDZLT M30s1.42affected
TOZEDZLT M30s1.43affected
TOZEDZLT M30s1.44affected
TOZEDZLT M30s1.45affected
TOZEDZLT M30s1.46affected
TOZEDZLT M30s1.47affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References