{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24498", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2026-01-23T05:22:54.361Z", "datePublished": "2026-02-27T02:01:12.377Z", "dateUpdated": "2026-02-27T16:03:35.360Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ipTIME T5008", "vendor": "EFM-Networks, Inc.", "versions": [{"changes": [{"at": "15.27.2", "status": "unaffected"}], "lessThanOrEqual": "15.26.8", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ipTIME AX2004M", "vendor": "EFM-Networks, Inc.", "versions": [{"changes": [{"at": "15.27.2", "status": "unaffected"}], "lessThanOrEqual": "15.26.8", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ipTIME AX3000Q", "vendor": "EFM-Networks, Inc.", "versions": [{"changes": [{"at": "15.27.2", "status": "unaffected"}], "lessThanOrEqual": "15.26.8", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ipTIME AX6000M", "vendor": "EFM-Networks, Inc.", "versions": [{"changes": [{"at": "15.27.2", "status": "unaffected"}], "lessThanOrEqual": "15.26.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.<p>This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.</p>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2026-02-27T02:01:12.377Z"}, "references": [{"url": "https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document"}, {"url": "https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T16:01:36.625361Z", "id": "CVE-2026-24498", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T16:03:35.360Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T16:01:36.625361Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T16:03:27.316Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EFM-Networks, Inc.", "product": "ipTIME T5008", "versions": [{"status": "affected", "changes": [{"at": "15.27.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "15.26.8"}], "defaultStatus": "unaffected"}, {"vendor": "EFM-Networks, Inc.", "product": "ipTIME AX2004M", "versions": [{"status": "affected", "changes": [{"at": "15.27.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "15.26.8"}], "defaultStatus": "unaffected"}, {"vendor": "EFM-Networks, Inc.", "product": "ipTIME AX3000Q", "versions": [{"status": "affected", "changes": [{"at": "15.27.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "15.26.8"}], "defaultStatus": "unaffected"}, {"vendor": "EFM-Networks, Inc.", "product": "ipTIME AX6000M", "versions": [{"status": "affected", "changes": [{"at": "15.27.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "15.26.8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document"}, {"url": "https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.<p>This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2026-02-27T02:01:12.377Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24498", "state": "PUBLISHED", "dateUpdated": "2026-02-27T16:03:35.360Z", "dateReserved": "2026-01-23T05:22:54.361Z", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "datePublished": "2026-02-27T02:01:12.377Z", "assignerShortName": "krcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:t5008_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7DAE25A-E048-4B95-A1E0-457E385EBE4B", "versionEndExcluding": "15.27.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:t5008:-:*:*:*:*:*:*:*", "matchCriteriaId": "FABD91BD-7958-41EC-88F2-046506F97997", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:ax2004m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E47E8184-94CB-48FA-800E-1CD61723BB78", "versionEndExcluding": "15.27.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:ax2004m:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFBFCC0C-84BB-4F90-B22A-91C0F07E0012", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:ax3000q_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D82B0F8-9B9D-4003-AC2F-B0642B926263", "versionEndExcluding": "15.27.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:ax3000q:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4CAA991-6478-4247-BDD1-53BA942E46CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iptime:ax6000m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2678F85D-C492-4438-99C1-029BCD38CE06", "versionEndExcluding": "15.27.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iptime:ax6000m:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E3DD3F-F602-4D44-879A-AD6BDEC007B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible a un actor no autorizado en EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a ipTIME T5008: hasta 15.26.8; ipTIME AX2004M: hasta 15.26.8; ipTIME AX3000Q: hasta 15.26.8; ipTIME AX6000M: hasta 15.26.8."}], "id": "CVE-2026-24498", "lastModified": "2026-03-17T15:46:33.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2026-02-27T02:16:19.403", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Release Notes"], "url": "https://iptime.com/iptime/?page_id=126&dffid=1&dfsid=15&dftid=589&uid=26901&mod=document"}, {"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000302&searchWrd=&menuNo=205023&pageIndex=1&categoryCode=&nttId=71987"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.26.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "ipTIME AX2004M", "source": "cna", "vendor": "EFM-Networks, Inc."}, "product": "iptime_ax2004m", "vendor": "efm-networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.26.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "ipTIME AX3000Q", "source": "cna", "vendor": "EFM-Networks, Inc."}, "product": "iptime_ax3000q", "vendor": "efm-networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.26.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "ipTIME AX6000M", "source": "cna", "vendor": "EFM-Networks, Inc."}, "product": "iptime_ax6000m", "vendor": "efm-networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.26.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "ipTIME T5008", "source": "cna", "vendor": "EFM-Networks, Inc."}, "product": "iptime_t5008", "vendor": "efm-networks"}], "analysis": {"en": {"generated_at": "2026-04-17T14:05:12.512188+00:00", "value": {"mitigation_remediation": ["Upgrade the device firmware to a version that fixes the authentication bypass, preferably 15.26.9 or later for all impacted models.", "Restrict management access by disabling remote web management or configuring firewall rules to limit administrative interface connectivity only to trusted IP addresses.", "Change default or weak passwords on all administrative accounts and enable multi\u2011factor or more robust authentication options if available; monitor device logs for repeated unauthorized access attempts."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass and Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected devices include all EFM\u2011Networks, Inc. ipTIME models: the ax2004m, ax3000q, ax6000m, and t5008. Firmware versions through 15.26.8 are impacted. Users of these routers should verify their firmware version and ensure it is at least 15.26.9 or later to mitigate the issue.", "description_and_impact": "A vulnerability in the firmware of ipTIME routers permits an unauthenticated attacker to bypass standard authentication mechanisms and retrieve sensitive information stored on the device. The weakness corresponds to CWE\u2011200, focusing on exposing private data. The vulnerability does not grant execution privileges, but it allows read access to configuration, user database, or other confidential information, potentially enabling further manipulation of device settings or network traffic.", "risk_and_exploitability": "The CVSS score of 6 indicates a moderate severity, reflecting the combination of authentication bypass and data disclosure. EPSS shows an exploitation probability of less than 1\u202f%, implying that while the vulnerability exists, it is unlikely to be widely targeted. The vulnerability is not listed in the CISA KEV catalog. Attackers typically need to be within the local network or have a path to the router\u2019s management interface; precise exploitation details are not provided, so the presumed attack vector is internal or adjacent network access, with the attacker leveraging the weak authentication check to read information."}}}}, "created": "2026-02-27T09:12:27.188780+00:00", "title": "Authentication Bypass and Sensitive Information Exposure in ipTIME Routers", "updated": "2026-04-17T14:15:21.797048+00:00", "vendors": ["efm-networks", "efm-networks$PRODUCT$iptime_ax2004m", "efm-networks$PRODUCT$iptime_ax3000q", "efm-networks$PRODUCT$iptime_ax6000m", "efm-networks$PRODUCT$iptime_t5008"]}