CVE-2026-1741 | EFM ipTIME A8004T 14.18.2 Debug Interface /sess-bin/d.cgi httpcon_check_session_url cmd backdoor

A vulnerability identified as critical has been detected in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor.

The identification of this vulnerability is CVE-2026-1741. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1741 | EFM ipTIME A8004T 14.18.2 Debug Interface /sess-bin/d.cgi httpcon_check_session_url cmd backdoor

Post correlati

CVE-2024-51528 | Huawei HarmonyOS/EMUI Super Home Screen Module log file

CVE-2025-7229 | INVT VT-Designer PM3 File Parser out-of-bounds write

CVE-2023-7041 | codelyfe Stupid Simple CMS up to 1.2.4 /file-manager/rename.php newName path traversal

CVE-2024-6272 | SpiderContacts Plugin up to 1.1.7 on WordPress cross site scripting