| Title | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Password Reset |
|---|
| Description | The vulnerability in the ipTIME A8004T firmware (version 14.18.2) constitutes a critical authentication bypass caused by a logical flaw in the session validation mechanism of the core timepro.cgi handler . The access control logic relies on the httpcon_check_session_url function, which determines whether to enforce authentication solely by checking if the request URL begins with the /sess-bin/ prefix . Analysis reveals that if the URL does not match this pattern, the function returns 0, causing the ftext handler to erroneously skip the httpcon_auth verification entirely . An attacker can exploit this by simply modifying the request path to /cgi/timepro.cgi to bypass login requirements , and subsequently target the hidden hiddenloginsetup interface to forcibly reset the administrator’s password using a CAPTCHA token retrieved via an unauthenticated request |
|---|
| Source | ⚠️ https://github.com/LX-LX88/cve/issues/27 |
|---|
| User | LX-LX (UID 91683) |
|---|
| Submission | 01/17/2026 14:18 (3 months ago) |
|---|
| Moderation | 02/01/2026 09:06 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 343639 [EFM ipTIME A8004T 14.18.2 Hidden Hiddenloginsetup Interface /cgi/timepro.cgi httpcon_check_session_url improper authentication] |
|---|
| Points | 20 |
|---|