TROYANOSYVIRUS

CVE-2025-55423

CRITICAL
9.8

Description

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

CVE details

CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/20/2026
Last modified: 1/30/2026
Source: nvd
Honeypot sightings: 0

Affected products


Weaknesses (CWE)

CWE-94

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.