CVE-2026-1740
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
EFM ipTIME A8004T firmware versions up to 14.18.2 contain an authentication bypass in the /cgi/timepro.cgi interface that allows remote attackers to circumvent session validation without credentials. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all EFM ipTIME A8004T devices running firmware 14.18.2 and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the affected device's web interface, monitor for suspicious login attempts, and contact vendor for patch availability or workarounds. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today