High severity8.1NVD Advisory· Published Feb 11, 2026· Updated Apr 15, 2026
CVE-2025-65128
CVE-2025-65128
Description
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 23.09.27
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.