Skip to main content

EFM ipTIME A3004T CVE-2025-14485

LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2025-12-11 cna@vuldb.com
1.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 01:37 vuln.today

DescriptionCVE.org

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*& causes command injection. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.

Technical ContextAI

The vulnerability exists in the Administrator Password Handler component of the ipTIME A3004T router's web management interface. The affected endpoint /sess-bin/timepro.cgi processes user-supplied input through the show_debug_screen function without proper validation or sanitization. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which indicates the application fails to properly escape or neutralize special characters in command-line contexts. The attack vector is network-accessible, suggesting the function is reachable via HTTP/HTTPS from remote clients, though the CVSSv4 vector indicates high complexity and low impact even if exploited.

Affected ProductsAI

EFM ipTIME A3004T firmware version 14.19.0 is confirmed affected. The router model A3004T is a residential/small business networking device. No other firmware versions or router models are explicitly mentioned in the provided data, so the scope of affected versions is not confirmed beyond 14.19.0. CPE string is not provided in the input data.

RemediationAI

No vendor-released patch identified at time of analysis. Contact EFM/ipTIME support directly to request a security update, though the vendor's non-responsiveness to early disclosure suggests patches may be delayed or unavailable. Immediate compensating controls include: disable remote access to the web management interface by restricting /sess-bin/timepro.cgi to trusted IP addresses or disabling remote management entirely in router settings (trade-off: loss of remote configuration capability); change default admin credentials and enforce strong passwords to reduce the risk of credential compromise that enables authenticated exploitation (trade-off: standard hardening with limited direct mitigation of this flaw); disable unused debug or diagnostic functions in the router's web interface if such options exist (trade-off: may limit troubleshooting capabilities). Consider evaluating alternative router firmware or hardware if security patches do not materialize.

Share

CVE-2025-14485 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy