How to fix CVE-2025-14126?

Within 24 hours: inventory all TOZED ZLT M30S/M30S PRO devices in your environment and isolate them to controlled network segments. Within 7 days: implement network access controls restricting web interface access to authorized administrators only and enable enhanced monitoring of these devices. Within 30 days: evaluate replacement hardware or contact TOZED directly for patch status; if no patch emerges, prepare decommissioning timeline.

CVE-2025-14126

EUVD-2025-201542 HIGH

2025-12-06 [email protected]

Authentication Bypass

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 17:37 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 17:37 euvd

EUVD-2025-201542

CVE Published

Dec 06, 2025 - 10:16 nvd

HIGH 8.8

DescriptionNVD

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Password (CWE-259).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-14126 vulnerability details – vuln.today

Back

CVE-2025-14126

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code