CVE-2026-1740
Unknown Unknown - Not Provided
Improper Authentication in EFM ipTIME A8004T Remote Interface

Publication date: 2026-02-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1740
EUVD
EUVD-2026-5126
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
iptime a8004t_firmware 14.18.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1740 is a critical improper authentication vulnerability in the EFM ipTIME A8004T router firmware version 14.18.2. It exists in the function httpcon_check_session_url within the /cgi/timepro.cgi file of the hiddenloginsetup interface. The flaw allows an attacker to bypass authentication remotely without any credentials by exploiting a logical flaw where authentication is only enforced if the request URL starts with '/sess-bin/'. By sending requests to '/cgi/timepro.cgi', the attacker can skip authentication checks and gain unauthorized access, including the ability to forcibly reset the administrator's password using an unauthenticated CAPTCHA token request. [1, 2]

Impact Analysis

This vulnerability can severely impact you by allowing remote attackers to bypass authentication and gain unauthorized access to the router's hidden administrative interface. They can forcibly reset the administrator password, compromising the confidentiality, integrity, and availability of the device. This could lead to full control over the router, enabling malicious activities such as network interception, configuration changes, or denial of service. Since the vulnerability is unpatched and exploits are publicly available, the risk is high. [1, 2]

Detection Guidance

Detection can focus on monitoring HTTP requests to the affected device for suspicious access to the /cgi/timepro.cgi endpoint without proper authentication. Specifically, look for requests that do not start with the prefix "/sess-bin/" but still access /cgi/timepro.cgi, as this indicates attempts to bypass authentication. Network monitoring tools or web server logs can be used to identify such requests. For example, using command-line tools like tcpdump or tshark to capture HTTP traffic and grep to filter requests: tcpdump -i <interface> -A 'tcp port 80' | grep '/cgi/timepro.cgi' or tshark -Y 'http.request.uri contains "/cgi/timepro.cgi"' -T fields -e http.request.uri. Additionally, checking router logs for unauthorized password reset attempts or unusual access patterns to the hiddenloginsetup interface may help detect exploitation attempts. [1, 2]

Mitigation Strategies

Since no patches or vendor mitigations are available, immediate steps include restricting access to the affected device by limiting network exposure, such as placing the router behind a firewall or VPN and blocking external access to the /cgi/timepro.cgi endpoint. Consider disabling remote management features if possible. Monitoring for suspicious activity and unauthorized access attempts is critical. Ultimately, replacing the affected product with a secure alternative is recommended to fully mitigate the risk. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1740. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart