Description
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the formWifiBasicSet function of the ipTIME A8004T router firmware 14.18.2. It is triggered by sending malicious input in the security_5g parameter to the /goform/WifiBasicSet endpoint, which lets an attacker overflow the stack and potentially execute arbitrary code or perform other malicious actions, all without authentication and from any device that can communicate with the router's management interface. The flaw was publicly disclosed and the exploit may be used, but the vendor has not responded, which widens the window of opportunity for attackers. A successful exploit would compromise the confidentiality, integrity, and availability of the router, potentially exposing the internal network to remote attackers.

Affected Systems

EFM ipTIME A8004T routers running firmware 14.18.2 are affected. No other versions are listed as vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high severity. The EPSS score is not available, so the exact exploitation probability is unknown, but public disclosure and the lack of a vendor patch suggest a moderate-to-high real-world risk. It is not yet listed in CISA KEV. Attackers can deliver the malicious payload via a crafted POST request to /goform/WifiBasicSet from any host that can reach the router, making remote exploitation realistic.

Generated by OpenCVE AI on May 10, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest firmware release from the vendor that contains the fix for the formWifiBasicSet overflow.
  • If a patch is not yet available, block or restrict remote access to the /goform/WifiBasicSet URL using firewall rules or by limiting management interface access to local IP addresses.
  • Continuously monitor router logs and network traffic for suspicious POST requests targeting the /goform/WifiBasicSet endpoint, and consider resetting the device to factory defaults if compromise is suspected.

Advisories

No advisories yet.

History

Sun, 10 May 2026 06:45:00 +0000

Columns: Type, Values Removed, Values Added. All entries below are values added.

Description: A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title: EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based overflow
Weaknesses: CWE-119, CWE-121
References:
Metrics:
  cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T06:00:13.092Z

Reserved: 2026-05-09T09:33:43.459Z

Link: CVE-2026-8234

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T07:16:08.740

Modified: 2026-05-10T07:16:08.740

Link: CVE-2026-8234

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T08:00:08Z

Weaknesses