ipTIME A2004 Access Control Vulnerability in hostinfo.cgi Allowing Unauthorized Information Disclosure

Vulnerability

An access control vulnerability has been identified in the ipTIME A2004 router, specifically in version 12.17.0. The issue resides in the '/login/hostinfo.cgi' component, where attackers can access sensitive information, including version details, without authentication. This vulnerability could be exploited by simply visiting the affected URL.

Impact

Exploitation of this vulnerability gives unauthenticated users access to sensitive information, such as device version details, which could be used to support further attacks.

Reproduction

To reproduce this vulnerability, navigate to the '/login/hostinfo.cgi' page on an ipTIME A2004 device running version 12.17.0. The version information will be displayed in the response headers, indicating successful exploitation.
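To confirm whether a device you administer is affected, or that a fix holds, the check described above can be run against a saved response. The following is an added example, not code from the advisory or from ipTIME: it classifies a captured raw HTTP response to an unauthenticated request for '/login/hostinfo.cgi'. The header name and both sample responses are constructed, because the advisory does not say which response header carries the version.

```python
import re

# Three-part dotted number such as 12.17.0; four-part values (IPv4) are excluded.
VERSION_RE = re.compile(r"(?<![\d.])\d+\.\d+\.\d+(?![\d.])")
DENIED = {401, 403}
REDIRECT = {301, 302, 303, 307, 308}

# Constructed samples. The header name and redirect target are hypothetical:
# the advisory does not say which response header carries the version.
SAMPLE_EXPOSED = ("HTTP/1.1 200 OK\r\n"
                  "X-Example-Firmware: 12.17.0\r\n"
                  "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_PROTECTED = ("HTTP/1.1 302 Found\r\n"
                    "Location: http://192.0.2.1/login/\r\n\r\n")


def parse_head(raw):
    """Return (status_code, [(lowercased name, value), ...]) from a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, *header_lines = head.split("\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers


def assess_hostinfo(raw):
    """Classify a response to an unauthenticated GET of /login/hostinfo.cgi."""
    status, headers = parse_head(raw)
    # A denial or a redirect means the page was not served without a session.
    if status in DENIED or status in REDIRECT:
        return {"exposed": False, "status": status, "leaks": []}
    leaks = [(name, m.group()) for name, value in headers
             for m in VERSION_RE.finditer(value)]
    return {"exposed": status == 200 and bool(leaks), "status": status, "leaks": leaks}


if __name__ == "__main__":
    for label, raw in (("exposed", SAMPLE_EXPOSED), ("protected", SAMPLE_PROTECTED)):
        print(label, assess_hostinfo(raw))
```

A result with "exposed" set to True after a firmware update or access-control change means the page is still served without authentication.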

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.