Skip to main content

A8004t Firmware

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-1741 MEDIUM This Month

The debug interface in EFM ipTIME A8004T firmware versions up to 14.18.2 contains a backdoor vulnerability in the /sess-bin/d.cgi component that can be exploited remotely through manipulation of the cmd parameter, allowing authenticated attackers with high privileges to achieve unauthorized access. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification of the disclosure.

Information Disclosure A8004t Firmware
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-55423 CRITICAL POC Act Now

Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.

A604mu Firmware A3004ns Bcm Firmware N702e Firmware T3008 Firmware A604m Firmware +159
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-1741
EPSS 0% CVSS 6.6
MEDIUM This Month

The debug interface in EFM ipTIME A8004T firmware versions up to 14.18.2 contains a backdoor vulnerability in the /sess-bin/d.cgi component that can be exploited remotely through manipulation of the cmd parameter, allowing authenticated attackers with high privileges to achieve unauthorized access. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification of the disclosure.

Information Disclosure A8004t Firmware
NVD GitHub VulDB
CVE-2025-55423
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.

A604mu Firmware A3004ns Bcm Firmware N702e Firmware +161
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy