CVE-2025-14485

Name of the Vulnerable Software and Affected Versions EFM ipTIME A3004T version 14.19.0

Description A weakness exists in the Administrator Password Handler component of EFM ipTIME A3004T. The issue affects the show debug screen function within the /sess-bin/timepro.cgi file. Manipulation of the aaksjdkfj argument with the input !@dnjsrureljrm*& can lead to command injection. The attack can be carried out remotely, but is considered to have a rather high complexity and difficult exploitability. The exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Versions prior to 14.19.0 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.