Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in ipTIME A8004T router firmware 14.18.2 enables authenticated remote attackers to achieve complete system compromise via malformed WiFi configuration requests. The vulnerability exists in the formWifiBasicSet function's handling of the security_5g parameter. Public exploit code (GitHub POC) increases exploitation risk, though EPSS data and active exploitation status are not available. Vendor (EFM Networks) has not responded to disclosure or released a patch.
Technical ContextAI
The ipTIME A8004T is a wireless router manufactured by EFM Networks. The vulnerability resides in the web management interface endpoint /goform/WifiBasicSet, specifically in the formWifiBasicSet function responsible for processing WiFi configuration changes. The function fails to validate the length of user-supplied input to the security_5g parameter (likely controlling 5GHz WiFi security settings) before copying it into a fixed-size stack buffer. This is a classic CWE-121 stack-based buffer overflow, where excessive data overwrites adjacent stack memory including return addresses and saved frame pointers. The CVSS vector (AV:N/AC:L/PR:L) indicates network-accessible exploitation with low complexity requiring only low-privilege authentication, typical of router admin interfaces with default or weak credentials. The CVSS E:P (Proof-of-concept) modifier confirms public exploit code availability.
RemediationAI
No vendor-released patch identified at time of analysis despite early notification - EFM Networks has not responded to the disclosure. Until a firmware update is available, implement the following compensating controls with noted trade-offs: (1) Disable remote web management interface access entirely and restrict admin interface to local network only (prevents remote exploitation but eliminates remote management capability); (2) Change default admin credentials to complex passwords and enable account lockout if available (raises bar for PR:L requirement but does not eliminate vulnerability); (3) Isolate affected routers on separate network segments with strict firewall rules limiting admin interface access to specific trusted IPs (reduces attack surface but requires network segmentation capability and ongoing ACL management); (4) Monitor authentication logs for unusual login attempts and suspicious POST requests to /goform/WifiBasicSet endpoint (detection only, does not prevent exploitation). Consider replacing devices with alternative router models if business-critical uptime is required. Check EFM Networks support site periodically for delayed patch releases. VulDB submission and CTI available at vuldb.com/vuln/362454/cti and exploit details at github.com/Kiciot/cve/issues/5.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28987
GHSA-hhfg-q3j6-485j