Main Vulnerability Database Exploits ID:12700 - Exploit for Command injection in ipTIME

ID:12700 - Exploit for Command injection in ipTIME

Published: May 12, 2026

Vulnerability identifier: #VU131145

Vulnerability risk: High

CVE-ID: N/A

CWE-ID: CWE-77

Exploitation vector: Remote access

Vulnerable software:
ipTIME

Link to public exploit:

https://ssd-disclosure.com/iptime-pre-auth-rce-in-cwmp

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to command injection in the easycwmp CWMP handling logic when processing parameter values from SOAP messages. A remote attacker can send a specially crafted CWMP request to execute arbitrary code.

Exploitation can occur pre-authentication, and the injected command is executed with root privileges when the temporary command file is later processed with eval.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12700 - Exploit for Command injection in ipTIME

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human