Tozed ZLT M30s Web Management Interface Information Disclosure Vulnerability

An information disclosure vulnerability has been identified in the Tozed ZLT M30s model, in versions up to 1.47. The issue resides within the Web Management Interface, specifically in an unknown function of the file '/reqproc/proc_post'. The vulnerability can be exploited remotely by manipulating the 'goformId' argument, leading to unauthorized access to sensitive device information. This includes configuration data that reveals administrative account credentials in plaintext, potentially allowing full access to the device's management interface.

Impact

Exploitation of this vulnerability allows unauthorized users to access sensitive information, including administrative credentials, which can be used to gain full access to the device's web management interface.

Reproduction

To reproduce this vulnerability, connect to the device via Wi-Fi or USB tethering and identify the device's gateway IP, where the management interface is located. Then, send a POST request to the '/reqproc/proc_post' endpoint with the 'isTest' parameter set to 'false' and the 'goformId' parameter set to 'export_information'. The response will include a JSON object with the device's configuration data, which can be downloaded as a zip file. After unzipping, the 'tmp/export_nv_show' file will contain the admin credentials for the web interface.