CVE-2025-15082

Sažetak

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://vuldb.com/?ctiid.338410
https://vuldb.com/?id.338410
https://vuldb.com/?submit.707306
https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure
https://youtu.be/u_H29UdiPOc

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

25-12-2025 - 17:15

Objavljeno

25-12-2025 - 17:15