Skip to main content

Iptime C200

1 CVEs product

Monthly

CVE-2026-7833 HIGH POC This Week

Remote command injection in EFM ipTIME C200 camera firmware (versions up to 1.092) allows authenticated administrators to execute arbitrary system commands via malicious file upload to the ApplyRestore endpoint. The vulnerability exists in the sub_408F90 function processing the RestoreFile parameter in /cgi/iux_set.cgi. Exploitation probability is elevated by publicly available proof-of-concept code demonstrating the attack technique, though no active exploitation has been confirmed by CISA KEV at time of analysis. Vendor has been unresponsive to disclosure attempts, indicating no official patch timeline.

Command Injection Iptime C200
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
EPSS 0% CVSS 7.3
HIGH POC This Week

Remote command injection in EFM ipTIME C200 camera firmware (versions up to 1.092) allows authenticated administrators to execute arbitrary system commands via malicious file upload to the ApplyRestore endpoint. The vulnerability exists in the sub_408F90 function processing the RestoreFile parameter in /cgi/iux_set.cgi. Exploitation probability is elevated by publicly available proof-of-concept code demonstrating the attack technique, though no active exploitation has been confirmed by CISA KEV at time of analysis. Vendor has been unresponsive to disclosure attempts, indicating no official patch timeline.

Command Injection Iptime C200
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy