CVE-2026-1741 - Vulnerability Details

- EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor

Description

A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-02-02

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the httpcon_check_session_url function within the Debug Interface of EFM ipTIME A8004T firmware 14.18.2. By manipulating the "cmd" argument in the /sess-bin/d.cgi endpoint, an attacker can trigger a backdoor that yields remote code execution capabilities. The flaw is categorized as CWE‑912. Remote exploitation would allow an attacker to run arbitrary commands, compromising the device.

Affected Systems

Affected vendors and products: EFM ipTIME A8004T router running firmware version 14.18.2. The product is the Debug Interface component, specifically the /sess-bin/d.cgi file. Currently identified only in ipTIME A8004T firmware 14.18.2.

Risk and Exploitability

The CVSS base score is 7.5, indicating a high severity. EPSS indicates the probability of exploitation is less than 1%, implying low overall risk compared to other vulnerabilities. The vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires manipulating a query parameter from a remote connection and is considered difficult. Nevertheless, if successful, it can lead to full device compromise. The attack vector is remote through the debugging interface.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

EFM

ipTIME A8004T

affected

Version	Status	Constraints
`14.18.2`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:iptime:a8004t_firmware:14.18.2:*:*:*:*:*:*:*

cpe:2.3:h:iptime:a8004t:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Iptime	A8004t	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the router firmware to the latest version that includes a fix for the backdoor.
Disable or remove the Debug Interface feature if it is not required for normal operation.
Restrict network access to the /sess-bin/d.cgi endpoint using firewall or ACL rules to prevent unauthorized remote connections.

Generated by OpenCVE AI on April 18, 2026 at 00:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity High

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/LX-LX88/cve/issues/28
https://vuldb.com/?ctiid.343640
https://vuldb.com/?id.343640
https://vuldb.com/?submit.741423

History

Tue, 10 Mar 2026 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Iptime a8004t Firmware
CPEs		cpe:2.3:h:iptime:a8004t:-:::::::* cpe:2.3:o:iptime:a8004t_firmware:14.18.2:::::::*
Vendors & Products		Iptime a8004t Firmware

Tue, 03 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Iptime Iptime a8004t
Vendors & Products		Iptime Iptime a8004t

Mon, 02 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 02 Feb 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title		EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor
Weaknesses		CWE-912
References		https://github.com/LX-LX88/cve/issues/28 https://vuldb.com/?ctiid.343640 https://vuldb.com/?id.343640 https://vuldb.com/?submit.741423
Metrics		cvssV2_0 `{'score': 6.8, 'vector': 'AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Iptime A8004t A8004t Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-02T03:02:06.833Z

Updated: 2026-02-23T09:13:22.116Z

Reserved: 2026-02-01T08:06:21.873Z

Link: CVE-2026-1741

Vulnrichment

Updated: 2026-02-02T14:13:59.762Z

NVD

Status : Analyzed

Published: 2026-02-02T04:15:55.170

Modified: 2026-03-10T18:26:24.417

Link: CVE-2026-1741

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:00:11Z

Weaknesses

CWE-912

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity High

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object