Vulnerability Description
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gztozed | Zlt M30S Firmware | <= 1.47 |
| Gztozed | Zlt M30S | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.338410Permissions RequiredVDB Entry
- https://vuldb.com/?id.338410Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.707306Third Party AdvisoryVDB Entry
- https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosureExploitThird Party Advisory
- https://youtu.be/u_H29UdiPOcExploit
FAQ
What is CVE-2025-15082?
CVE-2025-15082 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argumen...
How severe is CVE-2025-15082?
CVE-2025-15082 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15082?
Check the references section above for vendor advisories and patch information. Affected products include: Gztozed Zlt M30S Firmware, Gztozed Zlt M30S.