4 matches found
CVE-2026-1740
CVE-2026-1740 affects EFM ipTIME A8004T 14.18.2; the flaw is in httpcon_check_session_url inside /cgi/timepro.cgi in the Hidden login/setup interface, enabling remote improper authentication. Exploits are public per the sources; vendor did not respond to disclosure. Mitigation noted in PT-2026-55...
PT-2026-5599
Name of the Vulnerable Software and Affected Versions EFM ipTIME A8004T version 14.18.2 Description A flaw exists in the authentication process of the EFM ipTIME A8004T router. This issue stems from improper authentication within the httpcon check session url function, located in the...
CVE-2025-57789
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...
CVE-2019-15617
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...