CVE-2025-64075
Path Traversal in ZBT WE2001 Enables Remote Admin Access
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shenzhen_zhibotong_electronics | zbt_we2001 | 23.09.27 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue found in the check_token function of the Shenzhen Zhibotong Electronics ZBT WE2001 device, version 23.09.27.
It allows remote attackers to bypass authentication by supplying a specially crafted session cookie value.
By exploiting this, attackers can perform administrative actions without proper authorization.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a path traversal attack via a crafted session cookie value that allows authentication bypass in Shenzhen Zhibotong Electronics ZBT WE2001 devices.
To detect this vulnerability on your network or system, you should monitor HTTP requests to the affected device for unusual or suspicious session cookie values that may contain path traversal patterns such as '../' sequences.
You can use network traffic analysis tools like Wireshark or tcpdump to capture HTTP traffic and filter for requests to the device's administrative interface.
- Use tcpdump to capture HTTP traffic to the device: tcpdump -i <interface> 'host <device_ip> and (port 80 or port 443)'
- Use grep or similar tools to search captured traffic for suspicious session cookie values containing path traversal patterns, e.g., grep -i 'Cookie:.*\.\./' capturefile
Additionally, reviewing web server logs on the device for requests with crafted session cookies may help identify exploitation attempts. [1]
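The grep pattern above only matches a literal '../', so the following added example (not from the original page or the vendor) extends the same check to percent-encoded and double-encoded variants and to backslash separators in cleartext HTTP requests. The cookie names, values and the 192.0.2.1 address in the sample data are constructed for illustration; the page does not name the device's session cookie, so every cookie is inspected.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by string start/end or a slash/backslash.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
MAX_DECODE_ROUNDS = 3  # unwrap double and triple percent-encoding

def normalize(value):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f become ../"""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_cookies(header_value):
    """Split a Cookie header value into (name, value) pairs."""
    pairs = []
    for part in header_value.split(';'):
        name, sep, value = part.strip().partition('=')
        if sep:
            pairs.append((name, value.strip('"')))
    return pairs

def suspicious_cookies(raw_request):
    """Return (name, decoded_value) for each cookie holding a traversal segment."""
    hits = []
    for line in raw_request.splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # blank line ends the header block
        field, _, value = line.partition(':')
        if field.strip().lower() != 'cookie':
            continue
        for name, cookie_value in parse_cookies(value):
            decoded = normalize(cookie_value)
            if TRAVERSAL.search(decoded):
                hits.append((name, decoded))
    return hits

# Constructed sample requests; cookie names and values are made up for the demo.
SAMPLES = [
    "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: sid=3f9a1c; lang=en\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: sid=../../example\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\ncookie: sid=%252e%252e%252fexample\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: ver=1..2; sid=a..b\r\n\r\n",
]

if __name__ == "__main__":
    for i, req in enumerate(SAMPLES):
        print(i, suspicious_cookies(req))
```

The last sample shows that values such as 1..2, where the dots are not a full path segment, are not flagged, which keeps false positives down when the check runs against a proxy or IDS feed.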
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the administrative interface of the Shenzhen Zhibotong Electronics ZBT WE2001 device to trusted networks only.
Implement network-level controls such as firewall rules to block unauthorized access attempts.
Monitor and filter HTTP requests to detect and block those with suspicious session cookie values that may exploit the path traversal vulnerability.
If available, apply any vendor-provided patches or updates addressing this vulnerability as soon as they are released.
Consider resetting or invalidating existing session cookies to prevent reuse of crafted tokens.
How can this vulnerability impact me?
This vulnerability can have serious impacts as it allows unauthorized remote attackers to bypass authentication controls.
Attackers exploiting this flaw can gain administrative access to the affected device.
This could lead to unauthorized changes to device settings, potential disruption of network services, and exposure of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know