CVE-2026-24498
Received
Received - Intake
Authentication Bypass in EFM-Networks ipTIME Routers Exposes Data
Publication date: 2026-02-27
Last updated on: 2026-03-17
Assigner: KrCERT/CC
Description
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iptime | t5008_firmware | to 15.27.2 (exc) |
| iptime | ax2004m_firmware | to 15.27.2 (exc) |
| iptime | ax3000q_firmware | to 15.27.2 (exc) |
| iptime | ax6000m_firmware | to 15.27.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
