What is CVE-2026-1742?

CVE-2026-1742 is a medium-severity vulnerability in Efm Iptime A8004t, classified under Improper Access Control. CVSS score: 4.7/10. Published 2026-02-02.

How severe is CVE-2026-1742?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Arbitrary file upload in Efm Iptime A8004t

CVE-2026-1742

A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload…

EPSS: 0.000 (3.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Efm Iptime A8004t — versions 14.18.2
Iptime A8004t
Iptime A8004t_firmware — versions 14.18.2

Weakness classification (CWE)

References

VDB-343641 | EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_upload unrestricted upload (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-343641 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #741450 | EFM IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary File Upload (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (issue-tracking, exploit, Issue Tracking, broken-link, Broken Link)

Frequently asked questions

What is CVE-2026-1742?: CVE-2026-1742 is a medium-severity vulnerability in Efm Iptime A8004t, classified under Improper Access Control. CVSS score: 4.7/10. Published 2026-02-02.
How severe is CVE-2026-1742?: Medium severity. CVSS v3 base score is 4.7 out of 10.