CVE-2025-12917

4.3 MEDIUM

📋 TL;DR

A denial-of-service vulnerability exists in TOZED ZLT T10/T10PLUS routers version 3.04.15. Attackers on the local network can exploit the reboot handler component to crash the device, causing service disruption. This affects organizations using these specific router models with the vulnerable firmware.

💻 Affected Systems

Products:
  • TOZED ZLT T10
  • TOZED ZLT T10PLUS
Versions: 3.04.15
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific firmware version; earlier/later versions may not be vulnerable. Requires attacker on same local network segment.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Persistent device crashes requiring manual power cycling, extended network downtime affecting all connected devices and services.

🟠 Likely Case: Temporary network disruption until device automatically reboots, intermittent connectivity issues for users.

🟢 If Mitigated: Minimal impact if network segmentation isolates routers from untrusted internal hosts.

🌐 Internet-Facing: LOW - Attack requires local network access, cannot be exploited directly from the internet.
🏢 Internal Only: MEDIUM - Any compromised internal host or malicious insider can trigger denial of service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

YouTube videos demonstrate exploitation; simple HTTP request manipulation triggers the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch exists. Monitor vendor website for firmware updates. Consider replacing devices if vendor remains unresponsive.

🔧 Temporary Workarounds

Network Segmentation (all): Isolate the router management interface on a separate VLAN with strict access controls.

Access Control Lists (all): Implement firewall rules to restrict access to the /reqproc/proc_post endpoint.

🧯 If You Can't Patch

  • Replace affected routers with different models from responsive vendors
  • Implement network monitoring to detect exploitation attempts and alert on unusual reboot patterns

🔍 How to Verify

Check if Vulnerable:

Check router web interface or serial console for firmware version 3.04.15

Check Version:

Check router admin interface at System > Firmware or via serial console

Verify Fix Applied:

Verify firmware version has changed from 3.04.15; test if reboot handler still accepts malformed requests

📡 Detection & Monitoring

Log Indicators:

  • Multiple reboot events in short timeframe
  • HTTP requests to /reqproc/proc_post with unusual parameters

Network Indicators:

  • HTTP POST requests to router IP on port 80 targeting /reqproc/proc_post

SIEM Query:

source="router_logs" AND (event="reboot" OR uri="/reqproc/proc_post") | stats count by src_ip
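
The two log indicators above can be correlated rather than only counted. The following is an added example, not part of the original advisory or any vendor tooling: it flags clustered reboots and attributes each reboot to the source that sent a POST to /reqproc/proc_post shortly before it. The key=value log format, field names, sample addresses and thresholds are assumptions; adapt the parser to whatever your proxy, firewall or syslog collector emits.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINT = "/reqproc/proc_post"   # endpoint named in the advisory
WINDOW = timedelta(minutes=10)    # assumed window for "short timeframe"
REBOOT_THRESHOLD = 3              # assumed count for "multiple reboots"

# Constructed sample events (hypothetical key=value format, not real router output)
SAMPLE_LOG = """\
2025-11-10T09:00:05 event=http src_ip=192.168.1.23 method=POST uri=/reqproc/proc_post
2025-11-10T09:00:07 event=reboot
2025-11-10T09:02:40 event=http src_ip=192.168.1.23 method=POST uri=/reqproc/proc_post
2025-11-10T09:02:41 event=reboot
2025-11-10T09:03:10 event=http src_ip=192.168.1.50 method=GET uri=/index.html
2025-11-10T09:05:15 event=http src_ip=192.168.1.23 method=POST uri=/reqproc/proc_post
2025-11-10T09:05:16 event=reboot
2025-11-10T14:30:00 event=reboot
"""

def parse(line):
    """Split 'timestamp key=value ...' into (datetime, dict of fields)."""
    ts, *pairs = line.split()
    return datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)

def analyze(log_text, lag=timedelta(seconds=30)):
    """Return (reboot_storm, suspects): whether reboots cluster inside WINDOW,
    and how many reboots followed each source's POST to ENDPOINT within `lag`."""
    posts, reboots = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, f = parse(line)
        if f.get("event") == "reboot":
            reboots.append(ts)
        elif f.get("method") == "POST" and f.get("uri", "").split("?")[0] == ENDPOINT:
            posts.append((ts, f.get("src_ip", "unknown")))
    reboots.sort()
    # Sliding window: REBOOT_THRESHOLD consecutive reboots that fit inside WINDOW
    storm = any(reboots[i + REBOOT_THRESHOLD - 1] - reboots[i] <= WINDOW
                for i in range(len(reboots) - REBOOT_THRESHOLD + 1))
    suspects = defaultdict(int)
    for r in reboots:
        # Attribute the reboot to the most recent matching POST within `lag` before it
        prior = [(ts, ip) for ts, ip in posts if timedelta(0) <= r - ts <= lag]
        if prior:
            suspects[max(prior)[1]] += 1
    return storm, dict(suspects)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A reboot with no preceding POST to the endpoint (the 14:30 event in the sample) is left unattributed, which keeps scheduled or manual restarts from being pinned on a host.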
