CVE-2025-14126: Critical Hardcoded Credentials Vulnerability in TOZED ZLT M30S and M30S PRO Routers

Overview

A high-severity vulnerability, identified as CVE-2025-14126, has been discovered in TOZED ZLT M30S and ZLT M30S PRO routers running firmware versions 1.47/3.09.06. The Web Interface component contains hardcoded credentials, which an attacker on the local network can use to authenticate to the device. The vendor has not responded to responsible disclosure attempts.

Technical Details

The vulnerability stems from hardcoded credentials present in the web interface of the TOZED ZLT M30S and ZLT M30S PRO routers. An attacker with access to the local network can use these credentials to gain unauthorized access to the router's administration panel and modify critical settings. The affected function within the Web Interface is currently unknown. Exploit details have been publicly disclosed, which increases the risk of widespread exploitation.

CVSS Analysis

This vulnerability has been assigned a CVSS score of 8.8 (HIGH), indicating a significant risk. The CVSS vector breaks down as follows:

  • Attack Vector: Local Network
  • Attack Complexity: Low
  • Privileges Required: None (Local Network access)
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Possible Impact

Successful exploitation of this vulnerability could lead to:

  • Complete control of the affected router.
  • Modification of DNS settings, potentially redirecting users to malicious websites.
  • Interception of network traffic.
  • Deployment of malware on connected devices.
  • Denial of service by altering router configurations.

Mitigation or Patch Steps

Unfortunately, as of the publication date, no official patch or firmware update has been released by TOZED to address this vulnerability. Given the vendor’s lack of response, users are advised to take the following mitigation steps:

  • Restrict Network Access: Limit access to the router’s web interface to only trusted devices within the local network.
  • Strong Passwords: If possible, change the default administrator password. This may not fully mitigate the hardcoded-credential issue, but it adds a further layer of defence. (Note: verify that the changed password actually takes effect and is not bypassed by the hardcoded credentials.)
  • Network Segmentation: Segment your network to isolate the affected router from critical systems.
  • Monitor Network Traffic: Implement network monitoring to detect any suspicious activity originating from or directed at the router.
  • Consider Replacement: If feasible, consider replacing the affected TOZED ZLT M30S or ZLT M30S PRO router with a more secure alternative from a vendor with a better security track record.
  • Disable Remote Administration: If remote administration is enabled, disable it immediately to prevent external access.
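The "Restrict Network Access", "Monitor Network Traffic" and "Disable Remote Administration" steps above can be checked against flow records from a LAN tap or gateway. The following is an added example (not part of the original advisory): it flags any connection to the router's web-interface ports that does not come from an allowlisted administrator host, and separately flags access from outside the LAN subnet. The router address, LAN subnet, trusted hosts and the `src,dst,port` record format are assumptions for this example.

```python
import ipaddress
from collections import namedtuple

# Assumed network layout for this example (adjust to your LAN).
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ADMIN_PORTS = {80, 443}                      # router web interface
TRUSTED_ADMIN_HOSTS = {ipaddress.ip_address("192.168.1.10")}

Alert = namedtuple("Alert", "src dst_port reason")


def parse_flow(line):
    """Parse one constructed 'src_ip,dst_ip,dst_port' flow record."""
    src, dst, port = line.strip().split(",")
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)


def check_flows(lines):
    """Return an Alert for every admin-port connection to the router
    that is not from a trusted LAN host."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        src, dst, port = parse_flow(line)
        # Only traffic aimed at the router's web interface is of interest.
        if dst != ROUTER_IP or port not in ADMIN_PORTS:
            continue
        if src not in LAN_NET:
            # Remote administration should be disabled; this is a red flag.
            alerts.append(Alert(str(src), port, "admin access from outside LAN"))
        elif src not in TRUSTED_ADMIN_HOSTS:
            alerts.append(Alert(str(src), port, "admin access from untrusted LAN host"))
    return alerts


# Constructed sample flows: one trusted login, one untrusted LAN host,
# one unrelated outbound flow, and one attempt from a non-LAN address.
SAMPLE_FLOWS = """\
192.168.1.10,192.168.1.1,443
192.168.1.25,192.168.1.1,80
192.168.1.25,93.184.216.34,443
203.0.113.7,192.168.1.1,443
"""

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS.splitlines()):
        print(alert)
```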
