CVE-2025-65127
Awaiting Analysis Awaiting Analysis - Queue
Unauthorized Access via Session Validation Bypass in ZBT WE2001 Web API

Publication date: 2026-02-11

Last updated on: 2026-02-17

Assigner: MITRE

Description
A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65127
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shenzhen_zhibotong_electronics zbt_we2001 23.09.27
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'This vulnerability exists in the web API component of the Shenzhen Zhibotong Electronics ZBT WE2001 device, version 23.09.27. It is caused by a lack of session validation, which means that remote attackers can access administrative information-retrieval functions without needing to authenticate or have an active session.'}, {'type': 'paragraph', 'content': 'By invoking "get_*" operations, attackers can retrieve sensitive device configuration data, including plaintext credentials, which are normally intended only for authenticated users.'}] [1]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information such as device configuration data and plaintext credentials. An attacker exploiting this flaw can gain administrative-level information without authentication, potentially compromising the security and integrity of the affected device.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart