Shenzhen Zhibotong Electronics ZBT WE2001 Unauthenticated Credential Disclosure Vulnerability

Vulnerability

A vulnerability in the web API of the Shenzhen Zhibotong Electronics ZBT WE2001 router, specifically in version 23.09.27, allows remote unauthenticated attackers to access administrative information-retrieval functions meant for authenticated users. This lack of session validation enables attackers to invoke 'get_*' operations and obtain device configuration data, including plaintext credentials, without the need for authentication or an active session.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive device configuration data, including plaintext credentials.

Added: Feb 11, 2026, 5:40 PM

Updated: Feb 11, 2026, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Shenzhen Zhibotong Electronics ZBT WE2001 Unauthenticated Credential Disclosure Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating