Shenzhen Zhibotong Electronics ZBT WE2001 Missing Authentication Vulnerability in Web Management API
Vulnerability
A vulnerability exists in the web management API of the Shenzhen Zhibotong Electronics ZBT WE2001 router, specifically in version 23.09.27. The API is missing an authentication mechanism, which allows unauthenticated attackers on the local network to alter router and network settings. Exploitation involves invoking specific operations whose names end with '_nocommit' (the '*_nocommit' operations) and providing the required parameters. This lets attackers change configuration details such as the SSID, Wi-Fi passwords, and administrative credentials, all without authentication or an active session.
Impact
Exploitation of this vulnerability could lead to unauthorized modifications of router settings and network configurations, including changes to Wi-Fi credentials and administrative passwords.
