Primary

Context

ipTIME Routers OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A command injection vulnerability has been identified in various ipTIME router models, allowing for pre-authentication remote code execution with root privileges. The issue arises in the UPnP relay function, which improperly sanitizes data before passing it to the system command execution. This vulnerability affects a wide range of ipTIME routers across different product lines and firmware versions.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution with root privileges on the affected router.

Reproduction

The vulnerability can be reproduced by sending a command injection payload through an SSDP/UPnP server. After manipulating the DHCP response to redirect traffic, the router is tricked into executing the injected command with root privileges.

Remediation

Users can upgrade to the latest firmware version, which includes the patch for this vulnerability. Instructions for downloading the patched firmware are available on the ipTIME website.

Added: Jan 20, 2026, 7:53 PM

Updated: Jan 20, 2026, 7:53 PM

Affected Products

ipTIME A2003NS-MU

Moderate fix1 remedy

>= 10.00.6, <= 12.16.2

ipTIME N600

Moderate fix1 remedy

>= 10.00.8, <= 12.16.2

ipTIME A604-V3

Moderate fix1 remedy

>= 10.01.6, <= 10.07.2

ipTIME A6ns-M

Moderate fix1 remedy

>= 10.01.6, <= 14.19.4

ipTIME V508

Moderate fix1 remedy

>= 10.02.2, <= 10.06.4

ipTIME N704QCA

Moderate fix1 remedy

>= 10.02.4, <= 12.16.2

ipTIME A8ns-M

Moderate fix1 remedy

>= 10.03.2, <= 14.19.4

ipTIME A304

Moderate fix1 remedy

>= 10.05.4, <= 10.07.4

ipTIME A3004NS-M

Moderate fix1 remedy

>= 10.05.4, <= 14.19.4

ipTIME A5004NS-M

Moderate fix1 remedy

>= 9.90.2, <= 11.00.4

ipTIME A9004M

Moderate fix1 remedy

>= 10.05.4, <= 14.19.4

ipTIME N702R

Moderate fix1 remedy

>= 10.05.8, <= 10.06.8

ipTIME A604M

Moderate fix1 remedy

>= 10.06.4, <= 10.07.2

ipTIME A804NS-MU

Moderate fix1 remedy

>= 10.06.4, <= 12.10.2

ipTIME N804R

Moderate fix1 remedy

>= 10.06.4, <= 12.16.2

ipTIME A7004M

Moderate fix1 remedy

>= 10.06.8, <= 14.19.4

ipTIME A8004T

Moderate fix1 remedy

>= 10.06.8, <= 14.19.4

ipTIME A604G-MU

Moderate fix1 remedy

>= 10.07.4, <= 12.16.2

ipTIME A3008-MU

Moderate fix1 remedy

>= 10.08.4, <= 14.19.4

ipTIME A2004MU

Moderate fix1 remedy

ipTIME A2004NS-MU

Moderate fix1 remedy

>= 10.08.6, <= 12.17.0

ipTIME A604-V5

Moderate fix1 remedy

>= 10.09.2, <= 12.16.2

ipTIME A604R

Moderate fix1 remedy

>= 10.09.2, <= 12.16.2

ipTIME N702E

Moderate fix1 remedy

>= 10.09.2, <= 12.16.2

ipTIME N2V

Moderate fix1 remedy

>= 10.09.2, <= 12.16.8

ipTIME N604E

Moderate fix1 remedy

>= 10.09.2, <= 14.19.4

ipTIME N104E

Moderate fix1 remedy

>= 10.09.4, <= 12.15.2

ipTIME A8004ITL

Moderate fix1 remedy

>= 11.00.4, <= 14.19.4

ipTIME N102E

Moderate fix1 remedy

>= 11.00.8, <= 12.15.2

ipTIME N1V

Moderate fix1 remedy

>= 11.01.2, <= 12.07.6

ipTIME N102i

Moderate fix1 remedy

>= 11.01.2, <= 12.15.2

ipTIME T5004

Moderate fix1 remedy

>= 11.96.4, <= 14.19.4

ipTIME N602E

Moderate fix1 remedy

>= 11.96.6, <= 12.16.8

ipTIME AX8004BCM

Moderate fix1 remedy

>= 11.97.2, <= 14.19.4

ipTIME A8004T-XR

0 remedies

ipTIME A9004M-X2

0 remedies

ipTIME T5008

0 remedies

ipTIME N704E

0 remedies

ipTIME A8004BCM

0 remedies

ipTIME AX3004ITL

0 remedies

ipTIME A604G-skylife

Moderate fix1 remedy

>= 12.02.4, <= 12.12.4

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.