Which versions of ipTIME A8004T are affected by EUVD-2026-28987?

CVE-2026-8234 is a stack-based buffer overflow affecting ipTIME A8004T routers (firmware 14.18.2) that allows authenticated attackers to gain complete system control through malformed WiFi…

Is there a public PoC exploit available for EUVD-2026-28987?

Yes, a public proof-of-concept exploit is available for EUVD-2026-28987. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-28987?

Within 24 hours: Identify all ipTIME A8004T routers in production using network discovery tools and document firmware versions. Within 7 days: Isolate or restrict administrative access to affected routers (14.18.2) to authorized personnel only; restrict WiFi configuration changes to necessary administrators. Within 30 days: Contact EFM Networks directly for patch availability status and timeline; evaluate router replacement or upgrade to alternative vendors if no patched firmware is released within 60 days; if routers remain in use, implement network segmentation to limit blast radius of potential compromise.

ipTIME A8004T EUVD-2026-28987

Q: What is the CVSS score of EUVD-2026-28987?

EUVD-2026-28987 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8234 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-10 VulDB

GHSA-hhfg-q3j6-485j

Buffer Overflow Stack Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 10, 2026 - 07:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 10, 2026 - 07:22 vuln.today

cvss_changed

CVSS changed

May 10, 2026 - 07:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 10, 2026 - 07:15 vuln.today

CVE Published

May 10, 2026 - 06:00 nvd

HIGH 8.8

DescriptionNVD

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in ipTIME A8004T router firmware 14.18.2 enables authenticated remote attackers to achieve complete system compromise via malformed WiFi configuration requests. The vulnerability exists in the formWifiBasicSet function's handling of the security_5g parameter. …

RemediationAI

Within 24 hours: Identify all ipTIME A8004T routers in production using network discovery tools and document firmware versions. Within 7 days: Isolate or restrict administrative access to affected routers (14.18.2) to authorized personnel only; restrict WiFi configuration changes to necessary administrators. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28987 vulnerability details – vuln.today

Back

ipTIME A8004T EUVD-2026-28987

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

ipTIME A8004T EUVD-2026-28987

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code