VYPR
Vendor

Efm

Products
5
CVEs
8
Across products
9
Status
Private

Products

5

Recent CVEs

8
  • CVE-2026-7834CriMay 5, 2026
    risk 0.64cvss 9.8epss 0.01

    A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…

  • CVE-2026-2550CriFeb 16, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used.…

  • CVE-2026-8234HigMay 10, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2026-7833HigMay 5, 2026
    risk 0.47cvss 7.2epss 0.02

    A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be…

  • CVE-2026-1740HigFeb 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from…

  • CVE-2025-14485MedDec 11, 2025
    risk 0.33cvss 5.0epss 0.02

    A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*&…

  • CVE-2026-1742MedFeb 2, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack…

  • CVE-2026-1741Feb 2, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely.…