CVE-2025-65128

{"id": "CVE-2025-65128", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-02-11T18:16:04.353", "references": [{"url": "https://neutsec.io/advisories/cve-2025-65128/", "source": "cve@mitre.org"}, {"url": "https://www.zbtwifi.com/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with \"*_nocommit\" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session."}, {"lang": "es", "value": "Un mecanismo de autenticaci\u00f3n ausente en los componentes de la API de gesti\u00f3n web de Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 permite a atacantes no autenticados en la red local modificar las configuraciones del router y de la red. Al invocar operaciones cuyos nombres terminan en '*_nocommit' y suministrar los par\u00e1metros esperados por la funci\u00f3n invocada, un atacante puede cambiar datos de configuraci\u00f3n, incluyendo SSID, credenciales de Wi-Fi y contrase\u00f1as administrativas, sin autenticaci\u00f3n o una sesi\u00f3n existente."}], "lastModified": "2026-02-17T22:18:44.197", "sourceIdentifier": "cve@mitre.org"}