CVE-2025-65127

Published: Feb 11, 2026

Modified: Feb 17, 2026

PUBLISHED

Description

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.zbtwifi.com/

https://neutsec.io/advisories/cve-2025-65127

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-65127

Description

Affected Products

References