Backdoor Vulnerability in EFM ipTIME Router 14.18.2
CVE-2026-1741

7.5HIGH

Key Information:

Vendor: Efm
Status: Iptime A8004t
Vendor: CVE Published:; 2 February 2026

What is CVE-2026-1741?

A security vulnerability has been identified in the EFM ipTIME A8004T router, specifically in version 14.18.2. This flaw exists within the httpcon_check_session_url function, located in the Debug Interface component's /sess-bin/d.cgi file. The manipulation of the 'cmd' argument creates a potential backdoor, allowing attackers to conduct remote exploitation. Although the intricacy of executing this attack is measured to be high, the exploit has been publicly disclosed, raising concerns for users of affected devices. Despite attempts to inform the vendor of this issue, there has been no response.

Affected Version(s)

ipTIME A8004T 14.18.2

References

https://vuldb.com/?id.343640

vdb-entrytechnical-description

https://vuldb.com/?ctiid.343640

signaturepermissions-required

https://vuldb.com/?submit.741423

third-party-advisory

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Feb 1, 2026

Credit

LX-LX (VulDB User)

CVE-2026-1741 Data

JSON

Efm

What is CVE-2026-1741?

Affected Version(s)

References

CVSS V4

Timeline

Credit