| शीर्षक | EFM iptime A6004MX 14.18.2 Authentication Bypass & Arbitrary File Upload leading to RCE |
|---|
| विवरण | A critical security vulnerability exists in the ipTIME router firmware involving the timepro.cgi binary.
First, an Authentication Bypass vulnerability allows unauthenticated attackers to access sensitive CGI functions by utilizing the /cgi/ URL path instead of the standard /sess-bin/ path. This bypasses the session validation logic in the ftext dispatcher.
Second, an Arbitrary File Upload vulnerability exists in the commit_vpncli_file_upload function. The function fails to properly validate the file extension or file content. This allows an attacker to successfully upload an arbitrary OpenVPN configuration file (.ovpn) directly to the system directory /etc/econf/vpnclient/openvpn/.
By uploading a malicious OpenVPN configuration file containing the script-security 2 and up directives, an attacker can trigger the execution of arbitrary system commands with root privileges when the VPN service is invoked. |
|---|
| स्रोत | ⚠️ https://github.com/LX-LX88/cve-new/issues/3 |
|---|
| उपयोगकर्ता | LX-LX (UID 91683) |
|---|
| सबमिशन | 01/02/2026 11:05 AM (3 महीनों पहले) |
|---|
| संयम | 15/02/2026 05:12 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 346159 [EFM iptime A6004MX 14.18.2 /cgi/timepro.cgi commit_vpncli_file_upload अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|