TOZED ZLT M30s Web Management proc_post information disclosure_CVE-2025-15082

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-15082

Source VulDB

Published Dec 25, 2025 at 17:02

Affected Product

Vendor TOZED

Product ZLT M30s

Version 1.0

Affected Versions TOZED ZLT M30s 1.0
TOZED ZLT M30s 1.1
TOZED ZLT M30s 1.2
TOZED ZLT M30s 1.3
TOZED ZLT M30s 1.4
TOZED ZLT M30s 1.5
TOZED ZLT M30s 1.6
TOZED ZLT M30s 1.7
TOZED ZLT M30s 1.8
TOZED ZLT M30s 1.9
TOZED ZLT M30s 1.10
TOZED ZLT M30s 1.11
TOZED ZLT M30s 1.12
TOZED ZLT M30s 1.13
TOZED ZLT M30s 1.14
TOZED ZLT M30s 1.15
TOZED ZLT M30s 1.16
TOZED ZLT M30s 1.17
TOZED ZLT M30s 1.18
TOZED ZLT M30s 1.19
TOZED ZLT M30s 1.20
TOZED ZLT M30s 1.21
TOZED ZLT M30s 1.22
TOZED ZLT M30s 1.23
TOZED ZLT M30s 1.24
TOZED ZLT M30s 1.25
TOZED ZLT M30s 1.26
TOZED ZLT M30s 1.27
TOZED ZLT M30s 1.28
TOZED ZLT M30s 1.29
TOZED ZLT M30s 1.30
TOZED ZLT M30s 1.31
TOZED ZLT M30s 1.32
TOZED ZLT M30s 1.33
TOZED ZLT M30s 1.34
TOZED ZLT M30s 1.35
TOZED ZLT M30s 1.36
TOZED ZLT M30s 1.37
TOZED ZLT M30s 1.38
TOZED ZLT M30s 1.39
TOZED ZLT M30s 1.40
TOZED ZLT M30s 1.41
TOZED ZLT M30s 1.42
TOZED ZLT M30s 1.43
TOZED ZLT M30s 1.44
TOZED ZLT M30s 1.45
TOZED ZLT M30s 1.46
TOZED ZLT M30s 1.47

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-25T17:02:09.345Z",
    "modified": "2025-12-25T17:02:09.345Z",
    "type": "cve",
    "title": "TOZED ZLT M30s Web Management proc_post information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338410\nhttps://vuldb.com/?ctiid.338410\nhttps://vuldb.com/?submit.707306\nhttps://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure\nhttps://youtu.be/u_H29UdiPOc",
    "id": "CVE-2025-15082",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "TOZED ZLT M30s 1.0\nTOZED ZLT M30s 1.1\nTOZED ZLT M30s 1.2\nTOZED ZLT M30s 1.3\nTOZED ZLT M30s 1.4\nTOZED ZLT M30s 1.5\nTOZED ZLT M30s 1.6\nTOZED ZLT M30s 1.7\nTOZED ZLT M30s 1.8\nTOZED ZLT M30s 1.9\nTOZED ZLT M30s 1.10\nTOZED ZLT M30s 1.11\nTOZED ZLT M30s 1.12\nTOZED ZLT M30s 1.13\nTOZED ZLT M30s 1.14\nTOZED ZLT M30s 1.15\nTOZED ZLT M30s 1.16\nTOZED ZLT M30s 1.17\nTOZED ZLT M30s 1.18\nTOZED ZLT M30s 1.19\nTOZED ZLT M30s 1.20\nTOZED ZLT M30s 1.21\nTOZED ZLT M30s 1.22\nTOZED ZLT M30s 1.23\nTOZED ZLT M30s 1.24\nTOZED ZLT M30s 1.25\nTOZED ZLT M30s 1.26\nTOZED ZLT M30s 1.27\nTOZED ZLT M30s 1.28\nTOZED ZLT M30s 1.29\nTOZED ZLT M30s 1.30\nTOZED ZLT M30s 1.31\nTOZED ZLT M30s 1.32\nTOZED ZLT M30s 1.33\nTOZED ZLT M30s 1.34\nTOZED ZLT M30s 1.35\nTOZED ZLT M30s 1.36\nTOZED ZLT M30s 1.37\nTOZED ZLT M30s 1.38\nTOZED ZLT M30s 1.39\nTOZED ZLT M30s 1.40\nTOZED ZLT M30s 1.41\nTOZED ZLT M30s 1.42\nTOZED ZLT M30s 1.43\nTOZED ZLT M30s 1.44\nTOZED ZLT M30s 1.45\nTOZED ZLT M30s 1.46\nTOZED ZLT M30s 1.47",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZLT M30s",
    "version": "1.0",
    "vendor": "TOZED",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}