PT-2026-5601 · Efm · Iptime A8004T
Lx-Lx
·
Published
2026-02-02
·
Updated
2026-03-10
·
CVE-2026-1742
CVSS v3.1
7.2
High
| AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EFM ipTIME A8004T version 14.18.2
Description
A flaw exists in the VPN Service component of the software, specifically within the
commit vpncli file upload function located in the /cgi/timepro.cgi file. This allows for unrestricted file uploads, and can be exploited remotely. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response.Recommendations
For EFM ipTIME A8004T version 14.18.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iptime A8004T