CVE-2026-2550

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files without restrictions to EFM iptime A6004MX routers via the commit_vpncli_file_upload function in timepro.cgi. This could lead to complete system compromise. All users of the affected router model and firmware version are at risk.

💻 Affected Systems

Products:
  • EFM iptime A6004MX
Versions: 14.18.2
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default CGI handler and requires no special configuration to be exploitable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover with persistent backdoor installation, credential theft, and use as a pivot point for internal network attacks.

🟠 Likely Case: Malicious file upload leading to remote code execution, router configuration modification, or denial of service.

🟢 If Mitigated: Limited impact if network segmentation isolates the router and file uploads are monitored/blocked.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing routers with public proof-of-concept available.
🏢 Internal Only: MEDIUM - Internal routers could still be exploited by attackers who gain initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists on GitHub, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider replacing the device or implementing workarounds.

🔧 Temporary Workarounds

Disable CGI Interface

all

Disable the vulnerable CGI handler if not required for functionality

Check router documentation for disabling specific CGI endpoints

Network Segmentation

all

Isolate the router from critical network segments and restrict access

Configure firewall rules to limit access to router management interface

🧯 If You Can't Patch

  • Replace the vulnerable router with a different model from a responsive vendor
  • Implement strict network access controls and monitor for suspicious file upload attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface or SSH: System Information > Firmware Version

Check Version:

Login to router web interface and navigate to System Information

Verify Fix Applied:

No fix available to verify. Monitor for vendor updates and check version after any potential update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /cgi/timepro.cgi
  • Multiple POST requests to commit_vpncli_file_upload endpoint

Network Indicators:

  • HTTP POST requests to /cgi/timepro.cgi with file upload patterns
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/cgi/timepro.cgi" AND method="POST" AND size>100000)
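
The log indicators and SIEM query above, applied as detection logic over HTTP events from a proxy or sensor in front of the router. This is an added example, not code from the original page or the vendor. The JSON field names (`ts`, `src`, `method`, `uri`, `size` as request bytes), the sample events, and the threshold of three POSTs per source are assumptions.

```python
import json
from collections import Counter

TARGET_URI = "/cgi/timepro.cgi"   # path from the page's indicators
SIZE_THRESHOLD = 100000           # from the page's SIEM query (size>100000)
REPEAT_THRESHOLD = 3              # assumption: what counts as "multiple" POSTs
# Constructed sample events; field names are assumptions, not a vendor log format.
SAMPLE_EVENTS = """
{"ts": "10:00:05", "src": "198.51.100.7", "method": "POST", "uri": "/cgi/timepro.cgi", "size": 250000}
{"ts": "10:00:09", "src": "198.51.100.7", "method": "POST", "uri": "/other", "size": 500000}
{"ts": "10:01:00", "src": "203.0.113.5", "method": "POST", "uri": "/cgi/timepro.cgi", "size": 400}
{"ts": "10:01:02", "src": "203.0.113.5", "method": "post", "uri": "/cgi/timepro.cgi?x=1", "size": 400}
{"ts": "10:01:04", "src": "203.0.113.5", "method": "POST", "uri": "/cgi/timepro.cgi", "size": "n/a"}
{"ts": "10:02:00", "src": "192.0.2.10", "method": "POST", "uri": "/cgi/timepro.cgi", "size": 512}
truncated {"ts": "10:03:00", "src":
"""

def parse_events(text):
    """Yield JSON object events, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def is_cgi_post(event):  # POST to the CGI handler; query string ignored
    path = str(event.get("uri", "")).split("?", 1)[0]
    return str(event.get("method", "")).upper() == "POST" and path == TARGET_URI

def body_size(event):  # missing or non-numeric size counts as 0
    try:
        return int(event.get("size", 0))
    except (TypeError, ValueError):
        return 0

def detect(text):
    """Return (src, ts, reasons) for each POST that matches an indicator."""
    posts = [e for e in parse_events(text) if is_cgi_post(e)]
    per_src = Counter(e.get("src") for e in posts)
    alerts = []
    for e in posts:
        big = body_size(e) > SIZE_THRESHOLD
        repeated = per_src[e.get("src")] >= REPEAT_THRESHOLD
        reasons = [n for n, hit in (("large_body", big), ("repeated_post", repeated)) if hit]
        if reasons:
            alerts.append((e.get("src"), e.get("ts"), reasons))
    return alerts
```

Calling `detect(SAMPLE_EVENTS)` returns four alerts: one large upload and three repeated POSTs from a single source. The large POST to another path and the single small POST are not flagged.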
