A vulnerability, which was classified as critical, has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password.
This vulnerability is documented as CVE-2025-11284. The attack can be initiated remotely. Additionally, an exploit exists.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.