Tozed ZLT M30S and ZLT M30S PRO Web Interface Hard-Coded Credentials Vulnerability

Vulnerability

A vulnerability exists in the TOZED ZLT M30S and ZLT M30S PRO routers, specifically in versions 1.47 and 3.09.06. The issue arises from an unknown function in the web interface component, where manipulation can lead to hard-coded credentials being exposed. This vulnerability requires local network access to exploit. Once exploited, it grants full administrative privileges on the router's web interface. Although the interface initially shows a non-functional password change page, all administrative actions can be accessed directly by bypassing the UI restrictions. The vulnerability has been publicly disclosed, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability exposes hard-coded credentials that provide unrestricted administrative access to the affected router's web interface. This access allows an attacker to perform any administrative action on the device, effectively compromising its management and control functions.

Reproduction

The vulnerability can be reproduced by accessing the web interface of a TOZED ZLT M30S or ZLT M30S PRO router running the affected firmware versions. No authentication is required to exploit the vulnerability. Once accessed, the hard-coded credentials can be used to log in as an administrator. Although the web interface may not display all administrative options due to intended restrictions, these can be bypassed by directly referencing page identifiers, thereby gaining full administrative access.

Added: Dec 6, 2025, 10:18 AM
Updated: Dec 6, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.