CVE-2026-1740

Medium CVSS: 6.9

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Iptime

Product

A8004t Firmware

CWE

CWE-287

Yayın Tarihi

2026-02-02 04:15:54

Güncelleme

2026-03-10 18:25:25

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-287 A8004t Firmware MEDIUM Iptime 2026

Referanslar

https://github.com/LX-LX88/cve/issues/27 https://vuldb.com/?ctiid.343639 https://vuldb.com/?id.343639 https://vuldb.com/?submit.741422

Benzer Kayıtlar

Medium

CVE-2026-24498

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Network…

Medium

CVE-2026-1741

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the f…

Medium

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncl…

Critical

CVE-2025-55423

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the contr…

Medium

CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability ar…