{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15082", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-12-25T09:36:35.253Z", "datePublished": "2025-12-25T17:02:09.345Z", "dateUpdated": "2025-12-26T16:37:54.066Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-25T17:02:09.345Z"}, "title": "TOZED ZLT M30s Web Management proc_post information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "TOZED", "product": "ZLT M30s", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.9", "status": "affected"}, {"version": "1.10", "status": "affected"}, {"version": "1.11", "status": "affected"}, {"version": "1.12", "status": "affected"}, {"version": "1.13", "status": "affected"}, {"version": "1.14", "status": "affected"}, {"version": "1.15", "status": "affected"}, {"version": "1.16", "status": "affected"}, {"version": "1.17", "status": "affected"}, {"version": "1.18", "status": "affected"}, {"version": "1.19", "status": "affected"}, {"version": "1.20", "status": "affected"}, {"version": "1.21", "status": "affected"}, {"version": "1.22", "status": "affected"}, {"version": "1.23", "status": "affected"}, {"version": "1.24", "status": "affected"}, {"version": "1.25", "status": "affected"}, {"version": "1.26", "status": "affected"}, {"version": "1.27", "status": "affected"}, {"version": "1.28", "status": "affected"}, {"version": "1.29", "status": "affected"}, {"version": "1.30", "status": "affected"}, {"version": "1.31", "status": "affected"}, {"version": "1.32", "status": "affected"}, {"version": "1.33", "status": "affected"}, {"version": "1.34", "status": "affected"}, {"version": "1.35", "status": "affected"}, {"version": "1.36", "status": "affected"}, {"version": "1.37", "status": "affected"}, {"version": "1.38", "status": "affected"}, {"version": "1.39", "status": "affected"}, {"version": "1.40", "status": "affected"}, {"version": "1.41", "status": "affected"}, {"version": "1.42", "status": "affected"}, {"version": "1.43", "status": "affected"}, {"version": "1.44", "status": "affected"}, {"version": "1.45", "status": "affected"}, {"version": "1.46", "status": "affected"}, {"version": "1.47", "status": "affected"}], "modules": ["Web Management Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-12-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-12-25T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-12-25T10:42:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "S33K3R (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.338410", "name": "VDB-338410 | TOZED ZLT M30s Web Management proc_post information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.338410", "name": "VDB-338410 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.707306", "name": "Submit #707306 | ZLT M30s MTNNGRM30S_1.47, M30S_1.47 (other versions might be vulnerable) Improper Access Control - Critical Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure", "tags": ["related"]}, {"url": "https://youtu.be/u_H29UdiPOc", "tags": ["exploit", "media-coverage"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-26T16:37:43.640193Z", "id": "CVE-2025-15082", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T16:37:54.066Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15082", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-26T16:37:43.640193Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T16:37:50.694Z"}}], "cna": {"title": "TOZED ZLT M30s Web Management proc_post information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "S33K3R (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "TOZED", "modules": ["Web Management Interface"], "product": "ZLT M30s", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "1.5"}, {"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}, {"status": "affected", "version": "1.13"}, {"status": "affected", "version": "1.14"}, {"status": "affected", "version": "1.15"}, {"status": "affected", "version": "1.16"}, {"status": "affected", "version": "1.17"}, {"status": "affected", "version": "1.18"}, {"status": "affected", "version": "1.19"}, {"status": "affected", "version": "1.20"}, {"status": "affected", "version": "1.21"}, {"status": "affected", "version": "1.22"}, {"status": "affected", "version": "1.23"}, {"status": "affected", "version": "1.24"}, {"status": "affected", "version": "1.25"}, {"status": "affected", "version": "1.26"}, {"status": "affected", "version": "1.27"}, {"status": "affected", "version": "1.28"}, {"status": "affected", "version": "1.29"}, {"status": "affected", "version": "1.30"}, {"status": "affected", "version": "1.31"}, {"status": "affected", "version": "1.32"}, {"status": "affected", "version": "1.33"}, {"status": "affected", "version": "1.34"}, {"status": "affected", "version": "1.35"}, {"status": "affected", "version": "1.36"}, {"status": "affected", "version": "1.37"}, {"status": "affected", "version": "1.38"}, {"status": "affected", "version": "1.39"}, {"status": "affected", "version": "1.40"}, {"status": "affected", "version": "1.41"}, {"status": "affected", "version": "1.42"}, {"status": "affected", "version": "1.43"}, {"status": "affected", "version": "1.44"}, {"status": "affected", "version": "1.45"}, {"status": "affected", "version": "1.46"}, {"status": "affected", "version": "1.47"}]}], "timeline": [{"lang": "en", "time": "2025-12-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-12-25T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-12-25T10:42:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.338410", "name": "VDB-338410 | TOZED ZLT M30s Web Management proc_post information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.338410", "name": "VDB-338410 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.707306", "name": "Submit #707306 | ZLT M30s MTNNGRM30S_1.47, M30S_1.47 (other versions might be vulnerable) Improper Access Control - Critical Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure", "tags": ["related"]}, {"url": "https://youtu.be/u_H29UdiPOc", "tags": ["exploit", "media-coverage"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-25T17:02:09.345Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15082", "state": "PUBLISHED", "dateUpdated": "2025-12-26T16:37:54.066Z", "dateReserved": "2025-12-25T09:36:35.253Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-12-25T17:02:09.345Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gztozed:zlt_m30s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "206C4196-AA78-496B-967E-66660AC2E02B", "versionEndIncluding": "1.47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gztozed:zlt_m30s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCBA4183-9238-4E02-BEDB-FE2927BD77C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-15082", "lastModified": "2026-01-20T19:54:27.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-12-25T17:15:41.403", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.338410"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.338410"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.707306"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://youtu.be/u_H29UdiPOc"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2025-12-29T22:33:36.831103+00:00", "updated": "2025-12-29T22:33:36.831130+00:00", "vendors": ["tozed", "tozed$PRODUCT$zlt_m30s"]}