| Title | TOZED ZLT W51 Wifi6 Router (Ooredoo) Firmware version 1.4.2 Information Disclosure |
|---|---|
| Description | Critical security vulnerabilities discovered in TOZED ZLT W51 routers expose sensitive data through a proprietary service on TCP port 7777. The flaws include cross-connection memory disclosure that leaks data between clients, protocol state confusion enabling expanded memory access, and a potential denial of service condition. An unauthenticated attacker on the same network can extract previous users' sensitive information (including credentials and tokens) by sending specially crafted SOCKS protocol commands. The vulnerabilities affect all router firmware versions up to 1.4.2 and cannot be mitigated by end users as the service cannot be disabled through the router's interface. Proof-of-concept and video demonstration in 3rd party advisory. |
| Source | https://github.com/Zephkek/LeakyTozed |
| User | Mohamed Maatallah (UID 77278) |
| Submission | 2025-05-01 12:54 PM (1 year ago) |
| Moderation | 2025-05-23 08:20 AM (22 days later) |
| Status | Accepted |
| VulDB Entry | 310082 [TOZED ZLT W51 up to 1.4.2 Service Port 7777 remote code execution] |
| Points | 20 |