EFM ipTIME A3004T CVE-2025-14485
LOWSeverity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*& causes command injection. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.
Technical ContextAI
The vulnerability exists in the Administrator Password Handler component of the ipTIME A3004T router's web management interface. The affected endpoint /sess-bin/timepro.cgi processes user-supplied input through the show_debug_screen function without proper validation or sanitization. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which indicates the application fails to properly escape or neutralize special characters in command-line contexts. The attack vector is network-accessible, suggesting the function is reachable via HTTP/HTTPS from remote clients, though the CVSSv4 vector indicates high complexity and low impact even if exploited.
Affected ProductsAI
EFM ipTIME A3004T firmware version 14.19.0 is confirmed affected. The router model A3004T is a residential/small business networking device. No other firmware versions or router models are explicitly mentioned in the provided data, so the scope of affected versions is not confirmed beyond 14.19.0. CPE string is not provided in the input data.
RemediationAI
No vendor-released patch identified at time of analysis. Contact EFM/ipTIME support directly to request a security update, though the vendor's non-responsiveness to early disclosure suggests patches may be delayed or unavailable. Immediate compensating controls include: disable remote access to the web management interface by restricting /sess-bin/timepro.cgi to trusted IP addresses or disabling remote management entirely in router settings (trade-off: loss of remote configuration capability); change default admin credentials and enforce strong passwords to reduce the risk of credential compromise that enables authenticated exploitation (trade-off: standard hardening with limited direct mitigation of this flaw); disable unused debug or diagnostic functions in the router's web interface if such options exist (trade-off: may limit troubleshooting capabilities). Consider evaluating alternative router firmware or hardware if security patches do not materialize.
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today