CVE-2026-1740

7.3 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenloginsetup Interface. Attackers can exploit this to gain unauthorized access to router administration functions. All users running affected firmware versions are vulnerable.

💻 Affected Systems

Products:
  • EFM ipTIME A8004T
Versions: 14.18.2 (specific version mentioned, other versions may be affected)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. The Hidden Hiddenloginsetup Interface appears to be an undocumented administrative interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to reconfigure network settings, intercept traffic, install malware, or use the router as a pivot point into internal networks.

🟠

Likely Case

Unauthorized access to router administration panel leading to network configuration changes, DNS hijacking, or credential theft.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and strong internal network segmentation.

🌐 Internet-Facing: HIGH - Attack can be performed remotely without authentication, making internet-exposed routers immediately vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to gain router access and pivot within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for firmware updates at https://iptime.com

🔧 Temporary Workarounds

Disable WAN Access to Administration

all

Block external access to router administration interface

Configure firewall to block incoming connections to port 80/443 from WAN
Disable remote management in router settings

Network Segmentation

all

Isolate router management interface to separate VLAN

Create separate management VLAN
Configure ACLs to restrict access to router IP

🧯 If You Can't Patch

  • Replace vulnerable router with different model/brand
  • Place router behind dedicated firewall with strict ingress filtering

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in administration panel. If version is 14.18.2 or potentially earlier versions, assume vulnerable.

Check Version:

Login to router admin panel and check System Status or Firmware Information page

Verify Fix Applied:

Test authentication bypass by attempting to access /cgi/timepro.cgi with exploit parameters. If access is denied without proper credentials, fix may be working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to /cgi/timepro.cgi
  • Authentication bypass attempts
  • Access from unexpected IP addresses to admin interface

Network Indicators:

  • HTTP requests to /cgi/timepro.cgi with specific parameters
  • Unauthorized admin access patterns

SIEM Query:

source="router_logs" AND (uri="/cgi/timepro.cgi" OR event="authentication_failure")

📊 Metadata

CVE ID: CVE-2026-1740
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-287
Published: February 2, 2026
Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share This