CVE-2025-65127

Medium CVSS: 6.5

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.

Vendor

Product

CWE

CWE-287

Yayın Tarihi

2026-02-11 17:16:07

Güncelleme

2026-02-17 22:18:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 MEDIUM 2026

Referanslar

https://neutsec.io/advisories/cve-2025-65127 https://www.zbtwifi.com/