| Titel | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Password Reset |
|---|
| Beschreibung | The vulnerability in the ipTIME A8004T firmware (version 14.18.2) constitutes a critical authentication bypass caused by a logical flaw in the session validation mechanism of the core timepro.cgi handler . The access control logic relies on the httpcon_check_session_url function, which determines whether to enforce authentication solely by checking if the request URL begins with the /sess-bin/ prefix . Analysis reveals that if the URL does not match this pattern, the function returns 0, causing the ftext handler to erroneously skip the httpcon_auth verification entirely . An attacker can exploit this by simply modifying the request path to /cgi/timepro.cgi to bypass login requirements , and subsequently target the hidden hiddenloginsetup interface to forcibly reset the administrator’s password using a CAPTCHA token retrieved via an unauthenticated request |
|---|
| Quelle | ⚠️ https://github.com/LX-LX88/cve/issues/27 |
|---|
| Benutzer | LX-LX (UID 91683) |
|---|
| Einreichung | 17.01.2026 14:18 (vor 3 Monaten) |
|---|
| Moderieren | 01.02.2026 09:06 (15 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 343639 [EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url schwache Authentisierung] |
|---|
| Punkte | 20 |
|---|