15 matches found
EFM ipTIME C200 注入漏洞
EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...
EFM ipTIME NAS1dual 缓冲区错误漏洞
EFM ipTIME NAS1dual is a network-attached storage device produced by the South Korean company EFM. Version 1.5.24 of EFM ipTIME NAS1dual contains a buffer overflow vulnerability. This vulnerability stems from a problem with the function getcsrfwhites in the file /cgi/advanced/miscmain.cgi, which...
PT-2026-37047
Name of the Vulnerable Software and Affected Versions ipTIME NAS1dual version 1.5.24 Description A stack-based buffer overflow can be triggered remotely via the get csrf whites function within the '/cgi/advanced/misc main.cgi' endpoint. A stack-based buffer overflow occurs when a program writes...
EUVD-2026-6098
A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...
CVE-2026-2550
A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...
EFM iptime A6004MX 代码问题漏洞
EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...
EFM ipTIME A8004T 授权问题漏洞
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains an authorization vulnerability. This vulnerability stems from incorrect operations on the function httpconchecksessionurl in the file/cgi/timepro.cgi, which m...
EFM ipTIME Routers security vulnerabilities
EFM ipTIME Routers are a series of routers produced by the South Korean company EFM. The EFM ipTIME Routers have a security vulnerability, which stems from an OS command injection vulnerability in the upnp-relay function. The following products and versions are affected: A2003NS-MU version 10.00....
EFM ipTIME A3004T 命令注入漏洞
The EFM ipTIME A3004T is a wireless router from EFM Korea. A command injection vulnerability exists in EFM ipTIME A3004T version 14.19.0, which stems from improper handling of the parameter aaksjdkfj in the file /sess-bin/timepro.cgi, which could lead to command injection...
EUVD-2020-28780
Malware in sbrugna...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...
EFM ipTIME C200 IP Camera 授权问题漏洞
EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. A security vulnerability exists in the EFM ipTIME C200 IP Camera that stems from a problem with shared folder authentication. A remote attacker can exploit the vulnerability by using...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...
Command injection
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...