CVE-2026-1740 | EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url improper authentication

Inserito da Angelo Barbosa | Feb 1, 2026 | CVE

A vulnerability categorized as critical has been discovered in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication.

This vulnerability was named CVE-2026-1740. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1740 | EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url improper authentication

Post correlati

CVE-2024-27281 | RDoc up to 6.6.2 YAML File rdoc_options code injection

CVE-2024-12308 | Logo Slider Plugin up to 4.5.x on WordPress Shortcode Attribute cross site scripting

CVE-2024-1308 | WooCommerce Cloak Affiliate Links Plugin up to 1.0.33 on WordPress Permalink Modification authorization

CVE-2025-5996 | GitLab Community Edition/Enterprise Edition up to 17.10.6/17.11.2/18.0.0 allocation of resources (Issue 476671)