CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Iptime: >> A2004se Firmware Security Vulnerabilities

CVE-2025-55423

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

CVSS Score

9.8

EPSS Score

0.003

Published

2026-01-20

Page 1

Vulnerabilities

Vulnerable Software

Iptime: >> A2004se Firmware Security Vulnerabilities

Products

Pricing

Contact Us