Authentication Bypass Vulnerability in IpTIME Routers by EFM-Networks
CVE-2026-24498

6MEDIUM

Key Information:

Vendor: Efm-networks, Inc.
Status: Iptime T5008; Iptime Ax2004m; Iptime Ax3000q; Iptime Ax6000m
Vendor: CVE Published:; 27 February 2026

🔔 Create Efm-networks, Inc. Vulnerability Alert

What is CVE-2026-24498?

A vulnerability exists in various IpTIME routers by EFM-Networks that allows unauthorized actors to bypass authentication mechanisms. This exposure may grant access to sensitive information, putting user privacy and data integrity at risk. Models affected include the IpTIME T5008, AX2004M, AX3000Q, and AX6000M, all running firmware versions up to 15.26.8. It is crucial for users of these devices to review their firmware and apply any necessary updates to mitigate potential risks.

Affected Version(s)

ipTIME AX2004M 0 <= 15.26.8

ipTIME AX3000Q 0 <= 15.26.8

ipTIME AX6000M 0 <= 15.26.8

References

https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&d...

https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Jan 23, 2026

CVE-2026-24498 Data

JSON