Which versions of EFM ipTIME C200 are affected by CVE-2026-7833?

CVE-2026-7833 affects EFM ipTIME C200 camera firmware through version 1.092, enabling authenticated administrators to execute arbitrary commands via malicious file uploads.

Is there a public PoC exploit available for CVE-2026-7833?

Yes, a public proof-of-concept exploit is available for CVE-2026-7833. Prioritise patching immediately. EPSS: 0.1%.

EFM ipTIME C200 CVE-2026-7833

Q: What is the CVSS score of CVE-2026-7833?

CVE-2026-7833 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-27319 HIGH

Command Injection (CWE-77)

2026-05-05 VulDB

GHSA-m3xj-gqh8-33xm

Command Injection

7.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 05, 2026 - 13:31 vuln.today

CVSS changed

May 05, 2026 - 13:22 NVD

7.2 (HIGH) 7.3 (HIGH)

DescriptionNVD

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote command injection in EFM ipTIME C200 camera firmware (versions up to 1.092) allows authenticated administrators to execute arbitrary system commands via malicious file upload to the ApplyRestore endpoint. The vulnerability exists in the sub_408F90 function processing the RestoreFile parameter in /cgi/iux_set.cgi. …

RemediationAI

Within 24 hours: Inventory all EFM ipTIME C200 cameras in production and document current firmware versions. Within 7 days: Restrict administrative access to the ApplyRestore endpoint (/cgi/iux_set.cgi) through network segmentation or firewall rules; implement strict admin credential controls and monitoring for the affected device models. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7833 vulnerability details – vuln.today

Back

EFM ipTIME C200 CVE-2026-7833

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

EFM ipTIME C200 CVE-2026-7833

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code