How to fix CVE-2025-65128?

Within 24 hours: Inventory all ZBT WE2001 devices (model 23.09.27) and restrict network access to the management API to trusted administrative hosts only. Within 7 days: Implement network segmentation to isolate affected routers' management interfaces behind a firewall or VPN, and disable remote management access if not operationally required. Within 30 days: Contact Zhibotong for patch availability and firmware update timeline; evaluate replacement with alternative vendor equipment if patch timeline is unacceptable.

Is Industrial affected by CVE-2025-65128?

Unauthenticated attackers on the local network can reconfigure ZBT WE2001 routers without credentials, potentially disrupting network operations, compromising traffic routing, or enabling lateral movement.

CVE-2025-65128

HIGH

2026-02-11 [email protected]

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 18:16 nvd

HIGH 8.1

Description

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.

Analysis

Technical Context

Classified as CWE-287 (Improper Authentication). A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.

Affected Products

Component: web management API.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +40

POC: 0

CVE-2025-65128 vulnerability details – vuln.today

Back

CVE-2025-65128

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-65128

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code