Vulnerability in Efm Iptime A8004t
CVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is poss…
EPSS: 0.001 (34.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.
Affected products
- Efm Iptime A8004t — versions 14.18.2
Weakness classification (CWE)
References
- VDB-343640 | EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor (vdb-entry, technical-description)
- VDB-343640 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #741423 | EFM IPTIME A8004T 14.18.2 Command Injection (third-party-advisory)
- github.com/LX-LX88/cve/issues/28 (broken-link, exploit, issue-tracking)
Frequently asked questions
- What is CVE-2026-1741?
- CVE-2026-1741 is a medium-severity vulnerability in Efm Iptime A8004t, classified under Hidden Functionality. CVSS score: 6.6/10. Published 2026-02-02.
- How severe is CVE-2026-1741?
- Medium severity. CVSS v3 base score is 6.6 out of 10.