Tozed ZLT M30S and ZLT M30S PRO Web Interface Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the web interface of the Tozed ZLT M30S and ZLT M30S PRO routers, specifically in versions 1.47 and 3.09.06. The issue arises in an unknown function of the file '/reqproc/proc_post', where setting the 'goformId' parameter to the value 'REBOOT_DEVICE' triggers a system reboot. An unauthenticated attacker within the local network can exploit this vulnerability to cause a disruption of service.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/reqproc/proc_post' endpoint with the 'goformId' parameter set to 'REBOOT_DEVICE'. This can be done from within the local network using tools like curl.
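A defensive check for the request described above, as an added example that is not part of the original advisory: it flags POSTs to '/reqproc/proc_post' that set 'goformId' to 'REBOOT_DEVICE' in raw HTTP captures, including percent-encoded spellings. The capture format, function names and sample traffic are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint, parameter and value as named in the advisory.
ENDPOINT, PARAM, VALUE = "/reqproc/proc_post", "goformId", "REBOOT_DEVICE"

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    method, target, _version = request_line.split(" ", 2)  # ValueError if malformed
    return method, target, body.decode("latin-1").strip()

def is_reboot_request(raw: bytes) -> bool:
    """True for a POST to the endpoint whose form data sets goformId=REBOOT_DEVICE."""
    try:
        method, target, body = parse_request(raw)
    except ValueError:
        return False
    url = urlsplit(target)
    if method.upper() != "POST" or unquote(url.path).rstrip("/") != ENDPOINT:
        return False
    # parse_qs percent-decodes names and values, so encoded spellings such as
    # REBOOT%5FDEVICE match too. Check both the query string and the body.
    for source in (url.query, body):
        if VALUE in parse_qs(source, keep_blank_values=True).get(PARAM, []):
            return True
    return False

def scan(captures):
    """Return source addresses (in order) that sent a reboot request."""
    return [src for src, raw in captures if is_reboot_request(raw)]

def build_request(method, target, body=""):
    """Hypothetical helper that builds the constructed sample requests."""
    return (f"{method} {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLES = [
    ("192.0.2.10", build_request("POST", ENDPOINT, "goformId=REBOOT_DEVICE")),
    ("192.0.2.11", build_request("POST", ENDPOINT, "x=1&goformId=REBOOT%5FDEVICE")),
    ("192.0.2.12", build_request("POST", ENDPOINT, "goformId=EXAMPLE_OTHER_ACTION")),
    ("192.0.2.13", build_request("GET", "/index.html")),
    ("192.0.2.14", b"garbage"),
]

if __name__ == "__main__":
    for src in scan(SAMPLES):
        print(f"ALERT reboot request to {ENDPOINT} from {src}")
```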
