CVE-2026-11848

Vulnerability

A Missing Authentication vulnerability exists in IEI Integration Corp's iRM-IEI Remote Management application. The affected product is iRM-TSi410X before version v1.4.19. An unauthenticated remote attacker can exploit a specific functionality that lacks proper authentication checks, allowing access to partial system configuration information [1][2].

Exploitation

The attacker requires only network access to the management interface; no authentication or user interaction is needed. By sending crafted requests to the vulnerable endpoint, the attacker can retrieve system configuration details without prior authorization [1][2].

Impact

Successful exploitation results in the disclosure of partial system configuration information, compromising confidentiality (low impact). The attacker does not gain write or administrative access, and the scope remains unchanged (CVSS scope: unchanged) [1][2].

Mitigation

IEI Integration Corp released version v1.4.19 of iRM-TSi410X, which addresses this vulnerability. Users should update to v1.4.19 or later. The fix was publicly disclosed on 2026-06-12. No workarounds have been published for unpatched versions [1][2].