CVE-2025-14105
📋 TL;DR
This vulnerability allows attackers on the local network to cause a denial of service on TOZED ZLT M30S and ZLT M30S PRO routers by sending a specially crafted request to the web interface. The request reboots the device, disrupting network connectivity. The attack can only be launched from within the local network.
💻 Affected Systems
- TOZED ZLT M30S
- TOZED ZLT M30S PRO
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could repeatedly reboot the router, causing persistent network outages and disrupting all connected devices and services.
Likely Case
Temporary network disruption as the router reboots, affecting internet connectivity and local network services for approximately 1-2 minutes.
If Mitigated
Minimal impact if network segmentation isolates the router's management interface from untrusted devices.
🎯 Exploit Status
Exploit details are publicly available in a video demonstration. A simple HTTP POST request with a specific parameter triggers the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor has not responded to disclosure. Consider workarounds or replacement.
🔧 Temporary Workarounds
Disable Web Interface
Disable the router's web management interface if not required for operations
Network Segmentation
Isolate router management interface to trusted VLAN or network segment
🧯 If You Can't Patch
- Implement strict network access controls to limit which devices can reach the router's management interface
- Monitor for reboot events and investigate unauthorized reboot attempts
🔍 How to Verify
Check if Vulnerable:
Check the router firmware version via the web interface at http://router-ip/ or with a version check command in the CLI, if available
Check Version:
Check web interface login page or admin panel for firmware version
Verify Fix Applied:
No fix available to verify. Workarounds can be verified by testing if reboot request still works after implementation.
📡 Detection & Monitoring
Log Indicators:
- Unexpected router reboot events
- Multiple POST requests to /reqproc/proc_post with goformId=REBOOT_DEVICE
Network Indicators:
- HTTP POST requests to router IP on port 80/443 with specific parameter pattern
SIEM Query:
(source="router_logs" AND (event="reboot" OR event="restart")) OR (http.method="POST" AND http.uri="/reqproc/proc_post" AND http.param="goformId=REBOOT_DEVICE")
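The log indicators above can also be checked offline against captured HTTP events. The script below is an added example, not part of the original advisory or any vendor tooling. It assumes a constructed log format (ISO timestamp, source IP, method, URI, form body), a hypothetical admin allow-list, and a hypothetical repeat threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample events (assumed format: ISO time, source IP, method, URI, form body).
SAMPLE_LOG = """\
2025-01-10T09:00:01 192.168.0.10 POST /reqproc/proc_post goformId=OTHER_ACTION&x=1
2025-01-10T09:05:12 192.168.0.57 POST /reqproc/proc_post x=1&goformId=REBOOT_DEVICE
2025-01-10T09:07:40 192.168.0.57 POST /reqproc/proc_post goformId=REBOOT_DEVICE
2025-01-10T09:08:02 192.168.0.10 POST /reqproc/proc_post goformId=REBOOT_DEVICE
2025-01-10T09:09:55 192.168.0.57 POST /reqproc/proc_post goformId=REBOOT%5FDEVICE
2025-01-10T09:30:00 192.168.0.57 GET /index.html -
"""

ADMIN_HOSTS = {"192.168.0.10"}   # assumption: hosts allowed to manage the router
WINDOW = timedelta(minutes=10)   # assumption: window for "repeated" reboots
THRESHOLD = 2                    # reboot requests per source within WINDOW

def reboot_requests(log_text):
    """Yield (timestamp, source) for every POST carrying goformId=REBOOT_DEVICE."""
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, method, uri, body = parts
        if method != "POST" or uri.split("?")[0] != "/reqproc/proc_post":
            continue
        # parse_qs decodes URL-encoding and ignores parameter order
        if "REBOOT_DEVICE" in parse_qs(body).get("goformId", []):
            yield datetime.fromisoformat(ts), src

def detect(log_text):
    """Return alerts: reboot requests from non-admin hosts, and repeated ones."""
    alerts, seen = [], defaultdict(list)
    for ts, src in reboot_requests(log_text):
        if src not in ADMIN_HOSTS:
            alerts.append(("unauthorized_reboot", src, ts.isoformat()))
        recent = [t for t in seen[src] if ts - t <= WINDOW] + [ts]
        seen[src] = recent
        if len(recent) == THRESHOLD:  # alert once when the threshold is reached
            alerts.append(("repeated_reboot", src, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Correlating these alerts with the router's own reboot events separates requests that actually restarted the device from ones blocked by the workarounds.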