| Titre | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Password Reset |
|---|
| Description | The vulnerability in the ipTIME A8004T firmware (version 14.18.2) constitutes a critical authentication bypass caused by a logical flaw in the session validation mechanism of the core timepro.cgi handler . The access control logic relies on the httpcon_check_session_url function, which determines whether to enforce authentication solely by checking if the request URL begins with the /sess-bin/ prefix . Analysis reveals that if the URL does not match this pattern, the function returns 0, causing the ftext handler to erroneously skip the httpcon_auth verification entirely . An attacker can exploit this by simply modifying the request path to /cgi/timepro.cgi to bypass login requirements , and subsequently target the hidden hiddenloginsetup interface to forcibly reset the administrator’s password using a CAPTCHA token retrieved via an unauthenticated request |
|---|
| La source | ⚠️ https://github.com/LX-LX88/cve/issues/27 |
|---|
| Utilisateur | LX-LX (UID 91683) |
|---|
| Soumission | 17/01/2026 14:18 (il y a 3 mois) |
|---|
| Modérer | 01/02/2026 09:06 (15 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 343639 [EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url authentification faible] |
|---|
| Points | 20 |
|---|