6.8
CVE-2026-1741
- EPSS 0.48%
- Veröffentlicht 02.02.2026 03:02:06
- Zuletzt bearbeitet 10.03.2026 18:26:24
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginEFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Iptime ≫ A8004t Firmware Version14.18.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.373 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 6.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.8 | 3.2 | 10 |
AV:N/AC:H/Au:M/C:C/I:C/A:C
|
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
https://vuldb.com/?id.343640
https://vuldb.com/?ctiid.343640
https://vuldb.com/?submit.741423
https://github.com/LX-LX88/cve/issues/28