Main Vulnerability Database SB2026051255

SB2026051255 - Remote code execution in ipTIME firmware

Published: May 12, 2026

Security Bulletin ID SB2026051255

CSH Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Command injection (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to command injection in the easycwmp CWMP handling logic when processing parameter values from SOAP messages. A remote attacker can send a specially crafted CWMP request to execute arbitrary code.

Exploitation can occur pre-authentication, and the injected command is executed with root privileges when the temporary command file is later processed with eval.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ssd-disclosure.com/iptime-pre-auth-rce-in-cwmp
https://ssd-disclosure.com/iptime-pre-auth-rce-in-cwmp/