CVE-2025-14126

HIGH EPSS 27.8%

Published Dec 6, 20256mo ago · Modified Jun 17, 20261w ago

7.4 CVSS 4.0

High

Published Dec 6, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

7.4

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

27.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-259

CWE-798 Use of Hard-coded Credentials Authentication

References 4

vuldb.com https://vuldb.com/?ctiid.334521
vuldb.com https://vuldb.com/?id.334521
vuldb.com https://vuldb.com/?submit.697498
youtu.be https://youtu.be/o8rfjSlpRxY

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.