| Title | TOZED ZLT W51 Wifi6 Router (Ooredoo) Firmware version 1.4.2 Information Disclosure |
|---|---|
| Description | Critical security vulnerabilities discovered in TOZED ZLT W51 routers expose sensitive data through a proprietary service on TCP port 7777. The flaws include cross-connection memory disclosure that leaks data between clients, protocol state confusion enabling expanded memory access, and a potential denial of service condition. An unauthenticated attacker on the same network can extract previous users' sensitive information (including credentials and tokens) by sending specially crafted SOCKS protocol commands. The vulnerabilities affect all router firmware versions up to 1.4.2 and cannot be mitigated by end users as the service cannot be disabled through the router's interface. Proof-of-concept and video demonstration in 3rd party advisory. |
| Source | https://github.com/Zephkek/LeakyTozed |
| User | Mohamed Maatallah (UID 77278) |
| Submission | 01/05/2025 12:54 (1 year ago) |
| Moderation | 23/05/2025 08:20 (22 days later) |
| Status | Accepted |
| VulDB Entry | 310082 [TOZED ZLT W51 up to 1.4.2 Service Port 7777 Remote Code Execution] |
| Points | 20 |