Command injection in ipTIME - #VU131145
Published: May 12, 2026
Vulnerability identifier: #VU131145
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: N/A
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: ipTIME
Affected software:
ipTIME
ipTIME
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to command injection in the easycwmp CWMP handling logic when processing parameter values from SOAP messages. A remote attacker can send a specially crafted CWMP request to execute arbitrary code.
Exploitation can occur pre-authentication, and the injected command is executed with root privileges when the temporary command file is later processed with eval.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.