A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-200CWE-284
TOZED ZLT M30s Web Management proc_post information disclosure
Problem type
Affected products
TOZED
ZLT M30s
1.0 - AFFECTED
1.1 - AFFECTED
1.2 - AFFECTED
1.3 - AFFECTED
1.4 - AFFECTED
1.5 - AFFECTED
1.6 - AFFECTED
1.7 - AFFECTED
1.8 - AFFECTED
1.9 - AFFECTED
1.10 - AFFECTED
1.11 - AFFECTED
1.12 - AFFECTED
1.13 - AFFECTED
1.14 - AFFECTED
1.15 - AFFECTED
1.16 - AFFECTED
1.17 - AFFECTED
1.18 - AFFECTED
1.19 - AFFECTED
1.20 - AFFECTED
1.21 - AFFECTED
1.22 - AFFECTED
1.23 - AFFECTED
1.24 - AFFECTED
1.25 - AFFECTED
1.26 - AFFECTED
1.27 - AFFECTED
1.28 - AFFECTED
1.29 - AFFECTED
1.30 - AFFECTED
1.31 - AFFECTED
1.32 - AFFECTED
1.33 - AFFECTED
1.34 - AFFECTED
1.35 - AFFECTED
1.36 - AFFECTED
1.37 - AFFECTED
1.38 - AFFECTED
1.39 - AFFECTED
1.40 - AFFECTED
1.41 - AFFECTED
1.42 - AFFECTED
1.43 - AFFECTED
1.44 - AFFECTED
1.45 - AFFECTED
1.46 - AFFECTED
1.47 - AFFECTED
References
VDB-338410 | TOZED ZLT M30s Web Management proc_post information disclosure
https://vuldb.com/?id.338410
VDB-338410 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.338410
Submit #707306 | ZLT M30s MTNNGRM30S_1.47, M30S_1.47 (other versions might be vulnerable) Improper Access Control - Critical Information Disclosure
https://vuldb.com/?submit.707306
hacklab.eu.org
https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure
youtu.be
https://youtu.be/u_H29UdiPOc
GitHub Security Advisories
GHSA-jh6h-m4rf-fh9p
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the...
https://github.com/advisories/GHSA-jh6h-m4rf-fh9pA vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2025-15082
vuldb.com
https://vuldb.com/?ctiid.338410
vuldb.com
https://vuldb.com/?id.338410
vuldb.com
https://vuldb.com/?submit.707306
hacklab.eu.org
https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure
youtu.be
https://youtu.be/u_H29UdiPOc
github.com
https://github.com/advisories/GHSA-jh6h-m4rf-fh9p
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-15082Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-15082",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-12-26T16:37:54.066Z",
"dateReserved": "2025-12-25T09:36:35.253Z",
"datePublished": "2025-12-25T17:02:09.345Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-12-25T17:02:09.345Z"
},
"title": "TOZED ZLT M30s Web Management proc_post information disclosure",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "TOZED",
"product": "ZLT M30s",
"modules": [
"Web Management Interface"
],
"versions": [
{
"version": "1.0",
"status": "affected"
},
{
"version": "1.1",
"status": "affected"
},
{
"version": "1.2",
"status": "affected"
},
{
"version": "1.3",
"status": "affected"
},
{
"version": "1.4",
"status": "affected"
},
{
"version": "1.5",
"status": "affected"
},
{
"version": "1.6",
"status": "affected"
},
{
"version": "1.7",
"status": "affected"
},
{
"version": "1.8",
"status": "affected"
},
{
"version": "1.9",
"status": "affected"
},
{
"version": "1.10",
"status": "affected"
},
{
"version": "1.11",
"status": "affected"
},
{
"version": "1.12",
"status": "affected"
},
{
"version": "1.13",
"status": "affected"
},
{
"version": "1.14",
"status": "affected"
},
{
"version": "1.15",
"status": "affected"
},
{
"version": "1.16",
"status": "affected"
},
{
"version": "1.17",
"status": "affected"
},
{
"version": "1.18",
"status": "affected"
},
{
"version": "1.19",
"status": "affected"
},
{
"version": "1.20",
"status": "affected"
},
{
"version": "1.21",
"status": "affected"
},
{
"version": "1.22",
"status": "affected"
},
{
"version": "1.23",
"status": "affected"
},
{
"version": "1.24",
"status": "affected"
},
{
"version": "1.25",
"status": "affected"
},
{
"version": "1.26",
"status": "affected"
},
{
"version": "1.27",
"status": "affected"
},
{
"version": "1.28",
"status": "affected"
},
{
"version": "1.29",
"status": "affected"
},
{
"version": "1.30",
"status": "affected"
},
{
"version": "1.31",
"status": "affected"
},
{
"version": "1.32",
"status": "affected"
},
{
"version": "1.33",
"status": "affected"
},
{
"version": "1.34",
"status": "affected"
},
{
"version": "1.35",
"status": "affected"
},
{
"version": "1.36",
"status": "affected"
},
{
"version": "1.37",
"status": "affected"
},
{
"version": "1.38",
"status": "affected"
},
{
"version": "1.39",
"status": "affected"
},
{
"version": "1.40",
"status": "affected"
},
{
"version": "1.41",
"status": "affected"
},
{
"version": "1.42",
"status": "affected"
},
{
"version": "1.43",
"status": "affected"
},
{
"version": "1.44",
"status": "affected"
},
{
"version": "1.45",
"status": "affected"
},
{
"version": "1.46",
"status": "affected"
},
{
"version": "1.47",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Information Disclosure",
"cweId": "CWE-200",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Improper Access Controls",
"cweId": "CWE-284",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.338410",
"name": "VDB-338410 | TOZED ZLT M30s Web Management proc_post information disclosure",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.338410",
"name": "VDB-338410 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.707306",
"name": "Submit #707306 | ZLT M30s MTNNGRM30S_1.47, M30S_1.47 (other versions might be vulnerable) Improper Access Control - Critical Information Disclosure",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://www.hacklab.eu.org/blogs/zlt_m30s_information_disclosure",
"tags": [
"related"
]
},
{
"url": "https://youtu.be/u_H29UdiPOc",
"tags": [
"exploit",
"media-coverage"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 5
}
}
],
"timeline": [
{
"time": "2025-12-25T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-12-25T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-12-25T10:42:22.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "S33K3R (VulDB User)",
"type": "reporter"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-26T16:37:54.066Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}