CVE-2026-1742 | EFM ipTIME A8004T 14.18.2 VPN Service /cgi/timepro.cgi commit_vpncli_file_upload unrestricted upload

Inserito da Angelo Barbosa | Feb 1, 2026 | CVE

A vulnerability labeled as critical has been found in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload.

This vulnerability is referenced as CVE-2026-1742. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1742 | EFM ipTIME A8004T 14.18.2 VPN Service /cgi/timepro.cgi commit_vpncli_file_upload unrestricted upload

Post correlati

CVE-2024-44068 | Samsung 9820/9825/980/990/850/W920 Mobile Processor use after free

CVE-2024-29877 | Sentrifugo 3.2 edit expense_category_name cross site scripting

CVE-2024-1043 | AMP for WP Plugin up to 1.0.93.1 on WordPress amppb_remove_saved_layout_data access control

CVE-2024-30188 | Apache DolphinScheduler up to 3.2.2 Resource File access control