Can you explain this vulnerability to me?

This vulnerability exists in the TOZED ZLT M30S and ZLT M30S PRO devices, specifically in the web interface component at the file /reqproc/proc_post. Manipulating the argument 'goformId' with the input 'REBOOT_DEVICE' can cause a denial of service. The attack can only be performed from within the local network, and the exploit has been publicly disclosed.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can lead to a denial of service condition on the affected devices, potentially causing them to reboot or become unavailable. This could disrupt normal operations or services relying on these devices within the local network.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a crafted POST request to the device's /reqproc/proc_post endpoint with the parameter goformId=REBOOT_DEVICE from within the local network. A suggested command to test for the vulnerability is using curl: curl -X POST http://<device-ip>/reqproc/proc_post -d 'goformId=REBOOT_DEVICE'. If the device reboots or becomes unavailable, it is vulnerable. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the device's web interface to trusted users within the local network, monitoring for suspicious POST requests to /reqproc/proc_post with goformId=REBOOT_DEVICE, and considering replacing the affected devices with alternative products, as no patches or countermeasures are currently available. [2]

Useful 0 Not Useful 0