CVE-2025-14485 | EFM ipTIME A3004T 14.19.0 Administrator Password /sess-bin/timepro.cgi show_debug_screen aaksjdkfj command injection

A vulnerability was found in EFM ipTIME A3004T 14.19.0. It has been classified as critical. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*& causes command injection.

This vulnerability is tracked as CVE-2025-14485. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More