CVE-2025-55423
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-30
Assigner: MITRE
Description
Description
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iptime | n104s-r1_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n104s-r1 | * |
| iptime | n104v_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n104v | * |
| iptime | n1e_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n1e | * |
| iptime | n1plus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n1plus | * |
| iptime | n1plus-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n1plus-i | * |
| iptime | n1v_firmware | From 11.01.2 (inc) to 12.07.6 (inc) |
| iptime | n1v | * |
| iptime | n2e_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n2e | * |
| iptime | n2eplus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n2eplus | * |
| iptime | n2plus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n2plus | * |
| iptime | n2plus-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n2plus-i | * |
| iptime | n2v_firmware | From 10.09.2 (inc) to 12.16.8 (inc) |
| iptime | n2v | * |
| iptime | n2vs_firmware | 12.16.8 |
| iptime | n2vs | * |
| iptime | n3_firmware | From 9.93.2 (inc) to 10.06.8 (inc) |
| iptime | n3 | * |
| iptime | n3-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n3-i | * |
| iptime | n5_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n5 | * |
| iptime | n5-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n5-i | * |
| iptime | n6_firmware | From 9.96.8 (inc) to 10.06.8 (inc) |
| iptime | n6 | * |
| iptime | n600_firmware | From 10.00.8 (inc) to 12.16.2 (inc) |
| iptime | n600 | * |
| iptime | n6004r_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n6004r | * |
| iptime | n602e_firmware | From 11.96.6 (inc) to 12.16.8 (inc) |
| iptime | n602e | * |
| iptime | n602eplus_firmware | From 12.14.2 (inc) to 12.16.2 (inc) |
| iptime | n602eplus | * |
| iptime | n602se_firmware | From 14.19.0 (inc) to 14.19.4 (inc) |
| iptime | n602se | * |
| iptime | n604_black_firmware | From 9.93.8 (inc) to 12.16.2 (inc) |
| iptime | n604_black | * |
| iptime | n604a_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604a | * |
| iptime | n604e_firmware | From 10.09.2 (inc) to 14.19.4 (inc) |
| iptime | n604e | * |
| iptime | n604eplus_firmware | From 12.14.2 (inc) to 14.19.4 (inc) |
| iptime | n604eplus | * |
| iptime | n604plus_firmware | From 9.90.8 (inc) to 12.15.2 (inc) |
| iptime | n604plus | * |
| iptime | n604plus-i_firmware | From 9.99.6 (inc) to 12.14.6 (inc) |
| iptime | n604plus-i | * |
| iptime | n604r_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604r | * |
| iptime | n604rplus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604rplus | * |
| iptime | n604rplus-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n604rplus-i | * |
| iptime | n604s_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604s | * |
| iptime | n604se_firmware | From 14.18.4 (inc) to 14.19.4 (inc) |
| iptime | n604se | * |
| iptime | n604t_firmware | From 9.90.8 (inc) to 10.03.2 (inc) |
| iptime | n604t | * |
| iptime | n604tplus_firmware | From 9.90.8 (inc) to 10.03.2 (inc) |
| iptime | n604tplus | * |
| iptime | n604v_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604v | * |
| iptime | n604vplus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n604vplus | * |
| iptime | n7004ns_firmware | 9.91.2 |
| iptime | n7004ns | * |
| iptime | n702bcm_firmware | From 9.90.8 (inc) to 12.16.2 (inc) |
| iptime | n702bcm | * |
| iptime | n702e_firmware | From 10.09.2 (inc) to 12.16.2 (inc) |
| iptime | n702e | * |
| iptime | ax11000_firmware | From 14.16.6 (inc) to 14.19.4 (inc) |
| iptime | ax11000 | * |
| iptime | ax2002mesh_firmware | From 14.16.6 (inc) to 14.19.4 (inc) |
| iptime | ax2002mesh | * |
| iptime | ax2004_firmware | From 14.17.4 (inc) to 14.19.4 (inc) |
| iptime | ax2004 | * |
| iptime | ax2004bcm_firmware | From 12.04.2 (inc) to 14.19.4 (inc) |
| iptime | ax2004bcm | * |
| iptime | ax2004m_firmware | From 14.02.0 (inc) to 14.19.4 (inc) |
| iptime | ax2004m | * |
| iptime | ax3004bcm_firmware | From 14.16.2 (inc) to 14.19.4 (inc) |
| iptime | ax3004bcm | * |
| iptime | ax3004itl_firmware | From 12.01.2 (inc) to 14.19.4 (inc) |
| iptime | ax3004itl | * |
| iptime | ax8004bcm_firmware | From 11.97.2 (inc) to 14.19.4 (inc) |
| iptime | ax8004bcm | * |
| iptime | ax8004m_firmware | From 14.05.2 (inc) to 14.19.4 (inc) |
| iptime | ax8004m | * |
| iptime | ax8008m_firmware | From 14.15.4 (inc) to 14.19.4 (inc) |
| iptime | ax8008m | * |
| iptime | a1_firmware | From 9.96.8 (inc) to 10.07.4 (inc) |
| iptime | a1 | * |
| iptime | a1004_firmware | From 9.90.8 (inc) to 12.16.2 (inc) |
| iptime | a1004 | * |
| iptime | a1004ns_firmware | From 9.96.0 (inc) to 12.16.2 (inc) |
| iptime | a1004ns | * |
| iptime | a1004v_firmware | From 9.90.8 (inc) to 12.16.2 (inc) |
| iptime | a1004v | * |
| iptime | a104_firmware | From 9.90.8 (inc) to 10.03.8 (inc) |
| iptime | a104 | * |
| iptime | a104ns_firmware | From 9.96.0 (inc) to 12.16.2 (inc) |
| iptime | a104ns | * |
| iptime | a104r_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a104r_firmware | * |
| iptime | a104r | * |
| iptime | a2003mu_firmware | From 12.13.0 (inc) to 12.16.2 (inc) |
| iptime | a2003mu | * |
| iptime | a2003ns-mu_firmware | From 10.00.6 (inc) to 12.16.2 (inc) |
| iptime | a2003ns-mu | * |
| iptime | a2004_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a2004 | * |
| iptime | a2004mu_firmware | From 10.08.6 (inc) to 12.17.0 (inc) |
| iptime | a2004mu | * |
| iptime | a2004ns_firmware | From 9.90.8 (inc) to 11.00.4 (inc) |
| iptime | a2004ns | * |
| iptime | a2004ns-mu_firmware | From 10.08.6 (inc) to 12.17.0 (inc) |
| iptime | a2004ns-mu | * |
| iptime | a2004ns-r_firmware | From 9.90.8 (inc) to 11.00.4 (inc) |
| iptime | a2004ns-r | * |
| iptime | a2004nsplus_firmware | From 9.90.8 (inc) to 11.00.4 (inc) |
| iptime | a2004nsplus | * |
| iptime | a2004plus_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a2004plus | * |
| iptime | a2004r_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a2004r | * |
| iptime | a2004se_firmware | From 14.16.6 (inc) to 14.19.4 (inc) |
| iptime | a2004se | * |
| iptime | a2008_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a2008 | * |
| iptime | a3_firmware | From 9.97.2 (inc) to 10.07.2 (inc) |
| iptime | a3 | * |
| iptime | a3002mesh_firmware | From 12.05.4 (inc) to 14.19.4 (inc) |
| iptime | a3002mesh | * |
| iptime | a3003ns_firmware | From 9.99.8 (inc) to 11.00.4 (inc) |
| iptime | a3003ns | * |
| iptime | a3004_firmware | From 9.90.8 (inc) to 10.08.2 (inc) |
| iptime | a3004 | * |
| iptime | a3004-dual_firmware | From 9.90.4 (inc) to 10.07.2 (inc) |
| iptime | a3004-dual | * |
| iptime | a3004m_firmware | From 14.18.4 (inc) to 14.19.4 (inc) |
| iptime | a3004m | * |
| iptime | a3004ns_firmware | From 9.90.2 (inc) to 10.09.4 (inc) |
| iptime | a3004ns | * |
| iptime | a3004ns-bcm_firmware | From 9.95.8 (inc) to 11.00.4 (inc) |
| iptime | a3004ns-bcm | * |
| iptime | a3004ns-dual_firmware | From 9.90.4 (inc) to 12.09.4 (inc) |
| iptime | a3004ns-dual | * |
| iptime | a3004ns-m_firmware | From 10.05.4 (inc) to 14.19.4 (inc) |
| iptime | a3004ns-m | * |
| iptime | a3004t_firmware | From 12.10.2 (inc) to 14.19.4 (inc) |
| iptime | a3004t | * |
| iptime | a3004tw_firmware | From 14.15.2 (inc) to 14.19.4 (inc) |
| iptime | a3004tw | * |
| iptime | a3008-mu_firmware | From 10.08.4 (inc) to 14.19.4 (inc) |
| iptime | a3008-mu | * |
| iptime | a304_firmware | From 10.05.4 (inc) to 10.07.4 (inc) |
| iptime | a304 | * |
| iptime | a5004ns_firmware | From 9.90.2 (inc) to 11.00.4 (inc) |
| iptime | a5004ns | * |
| iptime | a5004ns-m_firmware | From 10.05.4 (inc) to 14.19.4 (inc) |
| iptime | a5004ns-m | * |
| iptime | a6004mx_firmware | From 12.04.6 (inc) to 14.19.4 (inc) |
| iptime | a6004mx | * |
| iptime | a6004ns_firmware | From 9.90.2 (inc) to 11.00.4 (inc) |
| iptime | a6004ns | * |
| iptime | a6004ns-m_firmware | From 9.99.8 (inc) to 14.19.4 (inc) |
| iptime | a6004ns-m | * |
| iptime | a604_firmware | From 9.90.8 (inc) to 12.06.6 (inc) |
| iptime | a604 | * |
| iptime | a604-v3_firmware | From 10.01.6 (inc) to 10.07.2 (inc) |
| iptime | a604-v3 | * |
| iptime | a604-v5_firmware | From 10.09.2 (inc) to 12.16.2 (inc) |
| iptime | a604-v5 | * |
| iptime | a604g-mu_firmware | From 10.07.4 (inc) to 12.16.2 (inc) |
| iptime | a604g-mu | * |
| iptime | a604g-skylife_firmware | From 12.02.4 (inc) to 12.12.4 (inc) |
| iptime | a604g-skylife | * |
| iptime | a604m_firmware | From 10.06.4 (inc) to 10.07.2 (inc) |
| iptime | a604m | * |
| iptime | a604mu_firmware | From 12.12.4 (inc) to 12.16.2 (inc) |
| iptime | a604mu | * |
| iptime | a604r_firmware | From 10.09.2 (inc) to 12.16.2 (inc) |
| iptime | a604r | * |
| iptime | a604se_firmware | From 14.17.2 (inc) to 14.19.4 (inc) |
| iptime | a604se | * |
| iptime | a604v_firmware | From 9.90.8 (inc) to 10.07.4 (inc) |
| iptime | a604v | * |
| iptime | a6ns-m_firmware | From 10.01.6 (inc) to 14.19.4 (inc) |
| iptime | a6ns-m | * |
| iptime | a7004m_firmware | From 10.06.8 (inc) to 14.19.4 (inc) |
| iptime | a7004m | * |
| iptime | a704ns-bcm_firmware | From 9.95.8 (inc) to 11.00.4 (inc) |
| iptime | a704ns-bcm | * |
| iptime | a7ns_firmware | From 9.96.0 (inc) to 11.00.4 (inc) |
| iptime | a7ns | * |
| iptime | a8004bcm_firmware | From 11.99.1 (inc) to 12.16.2 (inc) |
| iptime | a8004bcm | * |
| iptime | a8004itl_firmware | From 11.00.4 (inc) to 14.19.4 (inc) |
| iptime | a8004itl | * |
| iptime | a8004ns-m_firmware | From 9.99.2 (inc) to 14.19.4 (inc) |
| iptime | a8004ns-m | * |
| iptime | a8004t_firmware | From 10.06.8 (inc) to 14.19.4 (inc) |
| iptime | a8004t | * |
| iptime | a8004t-xr_firmware | From 11.97.2 (inc) to 14.19.4 (inc) |
| iptime | a8004t-xr | * |
| iptime | a804ns-mu_firmware | From 10.06.4 (inc) to 12.10.2 (inc) |
| iptime | a804ns-mu | * |
| iptime | a8ns-m_firmware | From 10.03.2 (inc) to 14.19.4 (inc) |
| iptime | a8ns-m | * |
| iptime | a9004m_firmware | From 10.05.4 (inc) to 14.19.4 (inc) |
| iptime | a9004m | * |
| iptime | a9004m-x2_firmware | From 11.98.2 (inc) to 14.19.4 (inc) |
| iptime | a9004m-x2 | * |
| iptime | ew302n_firmware | From 9.90.8 (inc) to 12.16.2 (inc) |
| iptime | ew302n | * |
| iptime | n102e_firmware | From 11.00.8 (inc) to 12.15.2 (inc) |
| iptime | n102e | * |
| iptime | n102eplus_firmware | From 12.14.2 (inc) to 12.15.2 (inc) |
| iptime | n102eplus | * |
| iptime | n102i_firmware | From 11.01.2 (inc) to 12.15.2 (inc) |
| iptime | n102i | * |
| iptime | n102iplus_firmware | From 12.14.2 (inc) to 12.15.2 (inc) |
| iptime | n102iplus | * |
| iptime | n104_black_firmware | From 9.93.8 (inc) to 10.06.8 (inc) |
| iptime | n104_black | * |
| iptime | n104e_firmware | From 10.09.4 (inc) to 12.15.2 (inc) |
| iptime | n104e | * |
| iptime | n104eplus_firmware | From 12.14.2 (inc) to 12.15.2 (inc) |
| iptime | n104eplus | * |
| iptime | n104k_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n104k | * |
| iptime | n104plus_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n104plus | * |
| iptime | n104plus-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n104plus-i | * |
| iptime | n104q_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n104q | * |
| iptime | n104q-i_firmware | From 9.99.6 (inc) to 10.06.8 (inc) |
| iptime | n104q-i | * |
| iptime | n104r_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n104r | * |
| iptime | n702eplus_firmware | From 12.12.4 (inc) to 12.16.2 (inc) |
| iptime | n702eplus | * |
| iptime | n702r_firmware | From 10.05.8 (inc) to 10.06.8 (inc) |
| iptime | n702r | * |
| iptime | n704-a3_firmware | From 9.90.8 (inc) to 10.06.8 (inc) |
| iptime | n704-a3 | * |
| iptime | n704bcm_firmware | From 9.90.8 (inc) to 12.16.2 (inc) |
| iptime | n704bcm | * |
| iptime | n704e_firmware | From 11.98.4 (inc) to 12.16.2 (inc) |
| iptime | n704e | * |
| iptime | n704eplus_firmware | From 12.14.2 (inc) to 12.16.2 (inc) |
| iptime | n704eplus | * |
| iptime | n704ns_firmware | From 9.91.4 (inc) to 9.96.0 (inc) |
| iptime | n704ns | * |
| iptime | n704qca_firmware | From 10.02.4 (inc) to 12.16.2 (inc) |
| iptime | n704qca | * |
| iptime | n704v3_firmware | From 9.90.8 (inc) to 12.10.2 (inc) |
| iptime | n704v3 | * |
| iptime | n8004r_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n8004r | * |
| iptime | n8004v_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n8004v | * |
| iptime | n804_firmware | From 9.91.2 (inc) to 9.96.8 (inc) |
| iptime | n804 | * |
| iptime | n804a_firmware | From 9.91.2 (inc) to 9.96.8 (inc) |
| iptime | n804a | * |
| iptime | n804a3_firmware | From 9.90.8 (inc) to 9.96.8 (inc) |
| iptime | n804a3 | * |
| iptime | n804r_firmware | From 10.06.4 (inc) to 12.16.2 (inc) |
| iptime | n804r | * |
| iptime | n804t_firmware | From 9.91.2 (inc) to 9.96.8 (inc) |
| iptime | n804t | * |
| iptime | n804t3_firmware | From 9.90.8 (inc) to 9.96.8 (inc) |
| iptime | n804t3 | * |
| iptime | n804v_firmware | From 9.91.2 (inc) to 9.96.8 (inc) |
| iptime | n804v | * |
| iptime | n904_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n904 | * |
| iptime | n904ns_firmware | From 9.91.4 (inc) to 9.96.0 (inc) |
| iptime | n904ns | * |
| iptime | n904plus_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n904plus | * |
| iptime | n904v_firmware | From 9.90.8 (inc) to 10.02.2 (inc) |
| iptime | n904v | * |
| iptime | smart_firmware | From 9.90.8 (inc) to 9.94.2 (inc) |
| iptime | smart | * |
| iptime | q1_firmware | 9.91.2 |
| iptime | q1 | * |
| iptime | q304_firmware | 9.91.2 |
| iptime | q304 | * |
| iptime | q504_firmware | 9.91.2 |
| iptime | q504 | * |
| iptime | q604_firmware | 9.91.2 |
| iptime | q604 | * |
| iptime | t16000_firmware | From 9.91.2 (inc) to 11.03.6 (inc) |
| iptime | t16000 | * |
| iptime | t16000m_firmware | From 12.07.4 (inc) to 14.19.4 (inc) |
| iptime | t16000m | * |
| iptime | t24000_firmware | From 9.91.2 (inc) to 11.03.6 (inc) |
| iptime | t24000 | * |
| iptime | t24000m_firmware | From 12.07.4 (inc) to 14.19.4 (inc) |
| iptime | t24000m | * |
| iptime | t3004_firmware | From 9.90.8 (inc) to 12.07.6 (inc) |
| iptime | t3004 | * |
| iptime | t3008_firmware | From 9.90.8 (inc) to 12.09.6 (inc) |
| iptime | t3008 | * |
| iptime | t5004_firmware | From 11.96.4 (inc) to 14.19.4 (inc) |
| iptime | t5004 | * |
| iptime | t5008_firmware | From 11.98.2 (inc) to 14.19.4 (inc) |
| iptime | t5008 | * |
| iptime | v304_firmware | 9.91.2 |
| iptime | v304 | * |
| iptime | v504_firmware | From 9.90.8 (inc) to 12.15.2 (inc) |
| iptime | v504 | * |
| iptime | v508_firmware | From 10.02.2 (inc) to 10.06.4 (inc) |
| iptime | v508 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
