CVE-2026-1741

Medium CVSS: 6.6

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Iptime

Product

A8004t Firmware

CWE

CWE-912

Yayın Tarihi

2026-02-02 04:15:55

Güncelleme

2026-03-10 18:26:24

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-912 A8004t Firmware MEDIUM Iptime 2026

Referanslar

https://github.com/LX-LX88/cve/issues/28 https://vuldb.com/?ctiid.343640 https://vuldb.com/?id.343640 https://vuldb.com/?submit.741423

Benzer Kayıtlar

Medium

CVE-2026-24498

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Network…

Medium

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncl…

Medium

CVE-2026-1740

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file…

Critical

CVE-2025-55423

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the contr…

Medium

CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability ar…