| Название | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Password Reset |
|---|
| Описание | The vulnerability in the ipTIME A8004T firmware (version 14.18.2) constitutes a critical authentication bypass caused by a logical flaw in the session validation mechanism of the core timepro.cgi handler . The access control logic relies on the httpcon_check_session_url function, which determines whether to enforce authentication solely by checking if the request URL begins with the /sess-bin/ prefix . Analysis reveals that if the URL does not match this pattern, the function returns 0, causing the ftext handler to erroneously skip the httpcon_auth verification entirely . An attacker can exploit this by simply modifying the request path to /cgi/timepro.cgi to bypass login requirements , and subsequently target the hidden hiddenloginsetup interface to forcibly reset the administrator’s password using a CAPTCHA token retrieved via an unauthenticated request |
|---|
| Источник | ⚠️ https://github.com/LX-LX88/cve/issues/27 |
|---|
| Пользователь | LX-LX (UID 91683) |
|---|
| Представление | 17.01.2026 14:18 (3 месяцы назад) |
|---|
| Модерация | 01.02.2026 09:06 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 343639 [EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url слабая аутентификация] |
|---|
| Баллы | 20 |
|---|