184 matches found
EUVD-2026-5127
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpconchecksessionurl of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
CVE-2026-1741 EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpconchecksessionurl of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
CVE-2026-1741
The following sources document CVE-2026-1741 affecting EFM ipTIME A8004T 14.18.2. The vulnerability concerns the Debug Interface component, specifically the httpcon_check_session_url function in /sess-bin/d.cgi. The described flaw allows manipulation of the cmd argument to trigger a backdoor, wit...
CVE-2026-1740
CVE-2026-1740 affects EFM ipTIME A8004T 14.18.2; the flaw is in httpcon_check_session_url inside /cgi/timepro.cgi in the Hidden login/setup interface, enabling remote improper authentication. Exploits are public per the sources; vendor did not respond to disclosure. Mitigation noted in PT-2026-55...
EUVD-2026-5126
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...
CVE-2026-1740 EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon_check_session_url improper authentication
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...
CVE-2026-1740 EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon_check_session_url improper authentication
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...
CVE-2026-1740
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...
PT-2026-5600
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon check session url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
EFM ipTIME A8004T 安全漏洞
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The EFM ipTIME A8004T version 14.18.2 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter cmd in the function httpconchecksessionurl located in the /sess-bin/d.cgi...
PT-2026-5599
Name of the Vulnerable Software and Affected Versions EFM ipTIME A8004T version 14.18.2 Description A flaw exists in the authentication process of the EFM ipTIME A8004T router. This issue stems from improper authentication within the httpcon check session url function, located in the...
PT-2026-5601
A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit vpncli file upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploi...
EFM ipTIME A8004T 代码问题漏洞
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T has a code vulnerability. This vulnerability stems from an incorrect operation on the function commitvpnclifile Upload in the file /cgi/timepro.cgi, which may lead to...
EFM ipTIME A8004T 授权问题漏洞
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains an authorization vulnerability. This vulnerability stems from incorrect operations on the function httpconchecksessionurl in the file/cgi/timepro.cgi, which m...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...
CVE-2025-55423
CVE-2025-55423 is an OS command-injection vulnerability in the upnp_relay() function affecting ipTIME routers across numerous models (e.g., A2003NS-MU, N600, A604-V3, A6ns-M, V508, N704QCA, A8ns-M, A304, A3004NS-M, A5004NS-M, A9004M, N702R, A604M, A804NS-MU, N804R, A7004M, A8004T, A604G-MU, A3008...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...