CVE-2025-14105: Denial of Service in TOZED ZLT M30S
CVE-2025-14105 is a medium-severity denial of service vulnerability affecting TOZED ZLT M30S and ZLT M30S PRO devices running firmware versions 1.47 and 3.09.06. The flaw exists in the web interface component, specifically in the /reqproc/proc_post function, where manipulation of the 'goformId' argument with the input 'REBOOT_DEVICE' can cause the device to become unavailable. Exploitation requires local network access, does not require authentication or user interaction, and can be performed remotely within the LAN. The vendor has not responded to disclosure attempts, and no patches are currently available. Although no known exploits are in the wild, the vulnerability has been publicly disclosed and could be leveraged to disrupt network availability. European organizations using these devices in their local networks may face service interruptions impacting operational continuity. Mitigation involves network segmentation, restricting local network access to trusted users, monitoring for suspicious POST requests targeting 'goformId', and considering device replacement or firmware updates if available.
AI Analysis
Technical Summary
CVE-2025-14105 identifies a denial of service (DoS) vulnerability in the TOZED ZLT M30S and ZLT M30S PRO routers, specifically affecting firmware versions 1.47 and 3.09.06. The vulnerability resides in the web interface component, within the /reqproc/proc_post handler. An attacker can send a crafted HTTP POST request manipulating the 'goformId' parameter with the value 'REBOOT_DEVICE', triggering a reboot or crash condition that results in denial of service. The attack vector is limited to the local network (AV:A), requiring no privileges (PR:N), no authentication (AT:N), and no user interaction (UI:N). The vulnerability impacts availability (VA:L) but does not affect confidentiality or integrity. The vendor was notified but has not issued a patch or response, leaving devices exposed. Although exploitation requires local network access, the publicly disclosed exploit details increase the risk of attacks by insiders or compromised hosts within the LAN. The lack of authentication on the web interface exacerbates the risk. The CVSS 4.0 score of 5.3 reflects a medium severity, balancing the limited attack surface with the ease of exploitation and impact on device availability. No known exploits are currently active in the wild, but the vulnerability could be leveraged to disrupt network operations, especially in environments relying on these devices for critical connectivity.
Potential Impact
For European organizations, the primary impact is disruption of network availability due to forced device reboots or crashes, potentially causing downtime in local network segments. This can affect business continuity, especially in environments where TOZED ZLT M30S devices serve as critical network infrastructure components such as in small to medium enterprises, branch offices, or industrial control systems. The requirement for local network access limits remote exploitation but raises concerns about insider threats or malware propagation within internal networks. Unavailability of these devices could interrupt internet access, intranet services, or connectivity to operational technology systems, leading to productivity losses and potential safety risks in industrial settings. The absence of vendor patches prolongs exposure, increasing the window for exploitation. Additionally, the public disclosure of the vulnerability and exploit details may encourage attackers to target vulnerable networks, particularly in sectors with less mature network segmentation and monitoring practices.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement strict network segmentation to isolate TOZED ZLT M30S devices from untrusted or general user segments, limiting access to the local network where these devices reside. Access controls should be enforced to restrict who can send HTTP POST requests to the device's web interface, ideally allowing only trusted administrators or management systems. Monitoring network traffic for suspicious POST requests containing 'goformId=REBOOT_DEVICE' can provide early detection of exploitation attempts. If possible, disable or restrict the web interface access to management VLANs or via secure management channels such as VPNs. Organizations should also consider replacing affected devices with alternative hardware from vendors with active security support if firmware updates or patches remain unavailable. Regular network device inventory and firmware version audits will help identify vulnerable devices. Finally, educating internal users about the risks of local network attacks and maintaining strong endpoint security can reduce the risk of insider or malware-driven exploitation.
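The monitoring recommendation above can be implemented over HTTP request logs as in the following added example, which is not code from the advisory or the vendor. The tab-separated log format, the management subnet and the sample records are constructed assumptions; only the handler path, parameter name and value come from the advisory.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

HANDLER_PATH = "/reqproc/proc_post"  # handler named in the advisory
PARAM, VALUE = "goformId", "REBOOT_DEVICE"
# Assumption: hosts allowed to manage the device (constructed range).
ADMIN_NETS = [ip_network("10.0.99.0/28")]

# Constructed records: time, source IP, method, URL, form body (tab-separated).
SAMPLE_LOG = """\
2025-12-06T09:14:02Z\t10.0.99.5\tPOST\t/reqproc/proc_post\tgoformId=REBOOT_DEVICE
2025-12-06T09:20:41Z\t192.168.0.37\tPOST\t/reqproc/proc_post\tother=1&goformId=REBOOT_DEVICE
2025-12-06T09:21:10Z\t192.168.0.37\tPOST\t/reqproc/proc_post\tgoformId=REBOOT%5FDEVICE
2025-12-06T09:22:55Z\t192.168.0.40\tPOST\t/reqproc/proc_post\tgoformId=SOME_OTHER_ACTION
2025-12-06T09:24:00Z\t192.168.0.52\tPOST\t/reqproc/proc_post?goformId=REBOOT_DEVICE\t-
"""


def reboot_requested(url: str, body: str) -> bool:
    """True if goformId=REBOOT_DEVICE is sent to the handler, in query or body."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != HANDLER_PATH:
        return False
    values = []
    for encoded in (parts.query, body):
        # parse_qs percent-decodes, so an encoded REBOOT%5FDEVICE still matches.
        values += parse_qs(encoded).get(PARAM, [])
    return VALUE in values


def find_alerts(log_text: str) -> list[dict]:
    """Return one alert per reboot POST whose source is outside ADMIN_NETS."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed records
        ts, src, method, url, body = fields
        if method.upper() != "POST" or not reboot_requested(url, body):
            continue
        if any(ip_address(src) in net for net in ADMIN_NETS):
            continue  # expected: reboot issued from a management host
        alerts.append({"time": ts, "src": src})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(f"ALERT {alert['time']} reboot request from {alert['src']}")
```

Matching on the decoded parameter value rather than the raw string keeps the check from missing percent-encoded or reordered form fields.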
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-05T14:38:45.603Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69334b6ff88dbe026c1e4442
Added to database: 12/5/2025, 9:15:27 PM
Last enriched: 12/12/2025, 10:33:32 PM
Last updated: 1/20/2026, 5:31:51 AM