CVE-2025-55423
Published 2026-01-20
Priority P2 · 71 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.33% (87.1th percentile)
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.
Affected
163 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iptime | a1004_firmware | 9.90.8 – 12.16.2 | — |
| iptime | a1004ns_firmware | 9.96.0 – 12.16.2 | — |
| iptime | a1004v_firmware | 9.90.8 – 12.16.2 | — |
| iptime | a104_firmware | 9.90.8 – 10.03.8 | — |
| iptime | a104ns_firmware | 9.96.0 – 12.16.2 | — |
| iptime | a104r_firmware | 9.90.8 – 10.07.4 | — |
| iptime | a1_firmware | 9.96.8 – 10.07.4 | — |
| iptime | a2003mu_firmware | 12.13.0 – 12.16.2 | — |
| iptime | a2003ns-mu_firmware | 10.00.6 – 12.16.2 | — |
| iptime | a2004_firmware | 9.90.8 – 10.07.4 | — |
| iptime | a2004mu_firmware | 10.08.6 – 12.17.0 | — |
| iptime | a2004ns-mu_firmware | 10.08.6 – 12.17.0 | — |
| iptime | a2004ns-r_firmware | 9.90.8 – 11.00.4 | — |
| iptime | a2004ns_firmware | 9.90.8 – 11.00.4 | — |
| iptime | a2004nsplus_firmware | 9.90.8 – 11.00.4 | — |
| iptime | a2004plus_firmware | 9.90.8 – 10.07.4 | — |
| iptime | a2004r_firmware | 9.90.8 – 10.07.4 | — |
| iptime | a2004se_firmware | 14.16.6 – 14.19.4 | — |
| iptime | a2008_firmware | 9.90.8 – 10.07.4 | — |
| iptime | a3002mesh_firmware | 12.05.4 – 14.19.4 | — |
| iptime | a3003ns_firmware | 9.99.8 – 11.00.4 | — |
| iptime | a3004-dual_firmware | 9.90.4 – 10.07.2 | — |
| iptime | a3004_firmware | 9.90.8 – 10.08.2 | — |
| iptime | a3004m_firmware | 14.18.4 – 14.19.4 | — |
| iptime | a3004ns-bcm_firmware | 9.95.8 – 11.00.4 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.google.com/spreadsheets/d/1kryOFltCmnPJvDTpIrudgryt79uI4PWchuQ8-Gak24c/edit?usp=sharing
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/README.md
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/assets/affected_products_cve_format.json
https://iptime.com/iptime/?pageid=4&page_id=126&dfsid=3&dftid=583&uid=25203&mod=document
Published: 2026-01-20