PT-2026-5601 · Efm · Iptime A8004T

Lx-Lx

Publicado

2026-02-02

Atualizado

2026-03-10

CVE-2026-1742

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EFM ipTIME A8004T version 14.18.2

Description A flaw exists in the VPN Service component of the software, specifically within the commit vpncli file upload function located in the /cgi/timepro.cgi file. This allows for unrestricted file uploads, and can be exploited remotely. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response.

Recommendations For EFM ipTIME A8004T version 14.18.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-434

Identificadores relacionados

CVE-2026-1742

Produtos afetados

Iptime A8004T

PT-2026-5601 · Efm · Iptime A8004T

CVE-2026-1742

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11