CVE-2025-14105

MEDIUM

TOZED ZLT M30S/ZLT M30S PRO 1.47/3.09.06 - DoS

Title source: llm

Description

A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.334487

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.334487

[Permissions Required, VDB Entry] https://vuldb.com/?submit.696740

[Various Sources] https://youtu.be/RNgsrnPPxgQ

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 8.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (4)

TOZED/ZLT M30S 1.47

TOZED/ZLT M30S 3.09.06

TOZED/ZLT M30S PRO 1.47

TOZED/ZLT M30S PRO 3.09.06

Published Dec 05, 2025

Tracked Since Feb 18, 2026