| 제목 | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Password Reset |
|---|
| 설명 | The vulnerability in the ipTIME A8004T firmware (version 14.18.2) constitutes a critical authentication bypass caused by a logical flaw in the session validation mechanism of the core timepro.cgi handler . The access control logic relies on the httpcon_check_session_url function, which determines whether to enforce authentication solely by checking if the request URL begins with the /sess-bin/ prefix . Analysis reveals that if the URL does not match this pattern, the function returns 0, causing the ftext handler to erroneously skip the httpcon_auth verification entirely . An attacker can exploit this by simply modifying the request path to /cgi/timepro.cgi to bypass login requirements , and subsequently target the hidden hiddenloginsetup interface to forcibly reset the administrator’s password using a CAPTCHA token retrieved via an unauthenticated request |
|---|
| 원천 | ⚠️ https://github.com/LX-LX88/cve/issues/27 |
|---|
| 사용자 | LX-LX (UID 91683) |
|---|
| 제출 | 2026. 01. 17. PM 02:18 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 01. AM 09:06 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 343639 [EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url 약한 인증] |
|---|
| 포인트들 | 20 |
|---|