CVE-2026-2550 | EFM iptime A6004MX 14.18.2 /cgi/timepro.cgi commit_vpncli_file_upload unrestricted upload

A vulnerability categorized as critical has been discovered in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload.

This vulnerability was named CVE-2026-2550. The attack may be performed from remote. In addition, an exploit is available.

Applying restrictive firewalling is recommended.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More