CVE-2026-2550

HIGH EPSS 45.6%

Published Feb 16, 20264mo ago · Modified Apr 15, 20262mo ago

8.9 CVSS 4.0

High

Published Feb 16, 2026 4mo ago

Last Modified Apr 15, 2026 2mo ago

Description

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

8.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

45.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-284

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

References 4

github.com https://github.com/LX-LX88/cve-new/issues/3
vuldb.com https://vuldb.com/?ctiid.346159
vuldb.com https://vuldb.com/?id.346159
vuldb.com https://vuldb.com/?submit.749986

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.