CVE-2026-1742
- EPSS 0.01%
- Veröffentlicht 02.02.2026 04:15:55
- Zuletzt bearbeitet 10.03.2026 18:42:21
A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is pos...
CVE-2026-1741
- EPSS 0.11%
- Veröffentlicht 02.02.2026 03:02:06
- Zuletzt bearbeitet 10.03.2026 18:26:24
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to ini...
CVE-2026-1740
- EPSS 0.1%
- Veröffentlicht 02.02.2026 02:32:06
- Zuletzt bearbeitet 10.03.2026 18:25:25
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The atta...
CVE-2025-55423
- EPSS 0.58%
- Veröffentlicht 20.01.2026 00:00:00
- Zuletzt bearbeitet 30.01.2026 20:07:11
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitiz...