CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

Positive Technologies•added 2026/01/20 12:0 a.m.•6 views

PT-2026-3636

Name of the Vulnerable Software and Affected Versions ipTIME routers A2003NS-MU versions 10.00.6 through 12.16.2 ipTIME routers N600 versions 10.00.8 through 12.16.2 ipTIME routers A604-V3 versions 10.01.6 through 10.07.2 ipTIME routers A6ns-M versions 10.01.6 through 14.19.4 ipTIME routers V508...

9.8CVSS5.4AI score0.00665EPSS

Exploits2References7

CNNVD•added 2026/01/20 12:0 a.m.•1 views

EFM ipTIME Routers security vulnerabilities

EFM ipTIME Routers are a series of routers produced by the South Korean company EFM. The EFM ipTIME Routers have a security vulnerability, which stems from an OS command injection vulnerability in the upnp-relay function. The following products and versions are affected: A2003NS-MU version 10.00....

9.8CVSS5.8AI score0.00665EPSS

Exploits2References5

Cvelist•added 2026/01/20 12:0 a.m.•17 views

CVE-2025-55423

A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...

0.00665EPSS

Exploits2References4

RedhatCVE•added 2026/01/09 8:44 a.m.•7 views

CVE-2022-23765

This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request...

8.8CVSS7AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:44 a.m.•5 views

CVE-2022-23771

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...

8.8CVSS7AI score0.00141EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:37 a.m.•4 views

CVE-2020-7879

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie'COOKIE' . The value is transferred to the --header option in wget binary, and there is no validation check...

9.8CVSS7.3AI score0.00806EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:36 a.m.•6 views

CVE-2020-7847

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36...

8CVSS8AI score0.00267EPSS

Exploits0References1

RedhatCVE•added 2025/12/12 3:13 a.m.•1 views

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

5CVSS6.3AI score0.0049EPSS

Exploits0References1

NVD•added 2025/12/11 3:15 a.m.•2 views

CVE-2025-14485

5CVSS0.0049EPSS

Exploits0References5

Vulnrichment•added 2025/12/11 3:2 a.m.•2 views

CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection

5CVSS6.1AI score0.0049EPSS

Exploits0References5

EUVD•added 2025/12/11 3:2 a.m.•3 views

EUVD-2025-202644

5CVSS5.9AI score0.0049EPSS

Exploits0References6

Cvelist•added 2025/12/11 3:2 a.m.•22 views

CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection

5CVSS0.0049EPSS

Exploits0References5

CVE•added 2025/12/11 3:2 a.m.•16 views

CVE-2025-14485

CVE-2025-14485 affects EFM ipTIME A3004T 14.19.0. The vulnerability is in the Administrator Password Handler’s show_debug_screen function (file /sess-bin/timepro.cgi). Manipulating the argument aaksjdkfj with input !@dnjsrureljrm*& enables command injection remotely. Public exploit content is ind...

5CVSS6.1AI score0.0049EPSS

Exploits0References5

CNNVD•added 2025/12/11 12:0 a.m.•1 views

EFM ipTIME A3004T 命令注入漏洞

The EFM ipTIME A3004T is a wireless router from EFM Korea. A command injection vulnerability exists in EFM ipTIME A3004T version 14.19.0, which stems from improper handling of the parameter aaksjdkfj in the file /sess-bin/timepro.cgi, which could lead to command injection...

5CVSS5.8AI score0.0049EPSS

Exploits0References5

Positive Technologies•added 2025/12/11 12:0 a.m.•4 views

PT-2025-50570

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show debug screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

5CVSS6.4AI score0.0049EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-13408

Malware in sbrugna...

10CVSS9.2AI score0.02129EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2020-28780

Malware in sbrugna...

8CVSS7.8AI score0.02892EPSS

Exploits0References2