CVE-2025-14105: Denial of Service in TOZED ZLT M30S
A vulnerability was found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. It affects an unknown function of the file /reqproc/proc_post of the component Web Interface. Manipulating the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be carried out from within the local network. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-14105 identifies a denial of service vulnerability in the TOZED ZLT M30S and ZLT M30S PRO network devices, specifically in firmware versions 1.47 and 3.09.06. The vulnerability resides in the web interface component, within the /reqproc/proc_post file, where an attacker can manipulate the 'goformId' parameter by submitting the value 'REBOOT_DEVICE'. This input triggers a condition that causes the device to reboot or become unresponsive, resulting in a denial of service. The attack vector is limited to the local network, meaning an attacker must have access to the same network segment as the device. No authentication or user interaction is required, which lowers the barrier for exploitation once local access is obtained. The CVSS 4.0 score is 5.3 (medium), reflecting the limited attack vector but ease of exploitation and impact on availability. The vendor was notified but has not responded or provided patches, and no known exploits are currently active in the wild. The vulnerability could be leveraged by malicious insiders or attackers who have gained local network access to disrupt network availability by targeting these devices' web interface. The lack of vendor response and patch availability increases the urgency for affected organizations to implement compensating controls.
Potential Impact
For European organizations, this vulnerability poses a risk of network disruption through denial of service attacks on TOZED ZLT M30S devices. Since these devices are network infrastructure components, their unavailability can interrupt connectivity, degrade network performance, or cause outages in critical systems relying on them. Organizations with these devices in operational technology (OT) environments or critical infrastructure sectors such as utilities, manufacturing, or telecommunications may experience operational downtime. The local network access requirement limits remote exploitation but insider threats or compromised internal hosts could exploit this vulnerability. The absence of vendor patches means organizations must rely on network-level mitigations. Disruptions could affect business continuity, lead to financial losses, and impact service delivery. Additionally, the public disclosure increases the likelihood of exploitation attempts, raising the threat level for European entities using these devices.
Mitigation Recommendations
1. Implement strict network segmentation to isolate TOZED ZLT M30S devices from general user networks, limiting local network access to trusted administrators and systems only.
2. Employ access control lists (ACLs) and firewall rules to restrict traffic to the web interface ports of these devices, allowing only authorized management stations.
3. Monitor network traffic for unusual or repeated HTTP POST requests containing the 'goformId=REBOOT_DEVICE' parameter to detect potential exploitation attempts.
4. Disable or restrict web interface access if possible, or change default management ports to reduce exposure.
5. Regularly audit device firmware versions and configurations to identify affected devices.
6. Engage with TOZED or authorized resellers to inquire about firmware updates or patches addressing this vulnerability.
7. Consider replacing vulnerable devices with alternative products that have active vendor support and security updates.
8. Train internal IT and security teams to recognize signs of local network compromise and to respond rapidly to suspected DoS incidents involving these devices.
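The monitoring in recommendation 3 can be sketched as follows. This is an added example, not code from the advisory or the vendor: it flags POST requests to /reqproc/proc_post carrying goformId=REBOOT_DEVICE and grades them by whether the source is an authorized management station (recommendation 2) and whether the request repeats. The JSON record layout, field names, addresses and allowlist are assumptions, and the sample records are constructed.

```python
import json
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: the sensor emits one JSON object per
# HTTP request with these field names, and MGMT_STATIONS is the site's list
# of authorized management hosts. All addresses and records are constructed.
MGMT_STATIONS = {"192.168.0.10"}
ENDPOINT = "/reqproc/proc_post"

SAMPLE_LOG = """\
{"ts":"10:00:01","src":"192.168.0.10","dst":"192.168.0.1","method":"POST","uri":"/reqproc/proc_post","body":"goformId=REBOOT_DEVICE"}
{"ts":"10:02:14","src":"192.168.0.57","dst":"192.168.0.1","method":"POST","uri":"/reqproc/proc_post","body":"x=1&goformId=REBOOT%5FDEVICE"}
{"ts":"10:02:20","src":"192.168.0.57","dst":"192.168.0.1","method":"POST","uri":"/reqproc/proc_post","body":"goformId=SOME_OTHER_ACTION"}
{"ts":"10:03:02","src":"192.168.0.57","dst":"192.168.0.1","method":"post","uri":"/reqproc/proc_post?goformId=REBOOT_DEVICE","body":""}
{"ts":"10:04:40","src":"192.168.0.10","dst":"192.168.0.1","method":"POST","uri":"/reqproc/proc_post","body":"goformId=REBOOT_DEVICE"}
"""

def is_reboot_request(rec):
    """True for a POST to ENDPOINT whose goformId is REBOOT_DEVICE."""
    if rec.get("method", "").upper() != "POST":
        return False
    url = urlsplit(rec.get("uri", ""))
    if url.path.rstrip("/") != ENDPOINT:
        return False
    # parse_qs percent-decodes, so REBOOT%5FDEVICE is normalised before the
    # comparison; the parameter is looked for in both query string and body.
    values = parse_qs(url.query).get("goformId", [])
    values += parse_qs(rec.get("body", "")).get("goformId", [])
    return "REBOOT_DEVICE" in values

def detect(log_text, repeat_threshold=2):
    """Return (ts, src, dst, severity) for every reboot request seen."""
    alerts, seen = [], Counter()
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if not is_reboot_request(rec):
            continue
        seen[rec["src"]] += 1
        if rec["src"] not in MGMT_STATIONS:
            severity = "high"      # source is not an authorized station
        elif seen[rec["src"]] >= repeat_threshold:
            severity = "medium"    # authorized source, but repeated reboots
        else:
            severity = "info"
        alerts.append((rec["ts"], rec["src"], rec["dst"], severity))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The comparison runs on decoded parameter values rather than on the raw request text, so a percent-encoded or query-string variant of the same request is not missed by a literal string match.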
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-05T14:38:45.603Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69334b6ff88dbe026c1e4442
Added to database: 12/5/2025, 9:15:27 PM
Last enriched: 12/5/2025, 9:30:14 PM
Last updated: 12/6/2025, 1:40:14 AM