CVE-2025-65128
Awaiting Analysis Awaiting Analysis - Queue
Authentication Bypass in ZBT WE2001 API Allows Configuration Modification

Publication date: 2026-02-11

Last updated on: 2026-02-17

Assigner: MITRE

Description
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-65128
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shenzhen_zhibotong_electronics zbt_we2001 23.09.27
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-65128 is a vulnerability in the Shenzhen Zhibotong Electronics ZBT WE2001 router firmware version 23.09.27. The issue arises because the web management API components lack proper authentication mechanisms.'}, {'type': 'paragraph', 'content': 'This missing authentication allows attackers who are on the local network to invoke certain API operations whose names end with "*_nocommit" and supply the expected parameters. By doing so, they can modify router and network configurations without needing to authenticate or have an active session.'}, {'type': 'list_item', 'content': 'Attackers can change sensitive configuration data such as the SSID, Wi-Fi credentials, and administrative passwords.'}] [1]

Impact Analysis

This vulnerability can have serious impacts because it allows unauthenticated attackers on the local network to take control over critical router settings.

  • Attackers can change the Wi-Fi network name (SSID) and credentials, potentially locking out legitimate users or redirecting traffic.
  • They can modify administrative passwords, which could prevent authorized access and allow persistent unauthorized control.
  • Overall, this can lead to network compromise, loss of confidentiality, integrity, and availability of network resources.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65128. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart